Tech Support Forum - View Single Post - I also have the "unsolicited browser pops" problem. Tks

foreverhappy · 11-13-2008, 07:44 PM

Tks Chem!
This is such work! lol

I have not been using my computer as much, but just when checking email I did not see those pop ups anymore.

The virus the Kaspersky got I think are the ones my ZoneAlarm put in quarentine.

I like ZoneAlarm, and I think you all might not like it, but can you recommend which program I should have to leave on for spyware/malware? I do not like SpyBot because it does not catch all and then you have to have a second program.

I would love a "Security Program" for all issues: virus, spy, mal, hijacking, etc.
Any suggestion?

I was surprised to have this issue and I still have no idea where that came from.
I noticed that Windows updates suck, because each time something happens with the computer.
One annoying issue, is that when I open my IE7, instead of going to my home page, it goes to Get IE8 beta. ARGGHHHH!!!!

And my computer is a bit slow, and I did all I thought...
Updates, scans, system mechanic cleaning, and I think those windows updates suck! I guess I already said that! LOL

QUESTION:

When a virus is found, is better to put in quarentine instead of removing right away?
If you put in quarentine, then when is it safe to remove the virus(es)?

Tks for your help, Chem.
It is a lot of repetitive work!

KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 13, 2008 18:50:55
Records in database: 1383528
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 98489
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:05:38

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbyhlk.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfdopceg.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gyjdxp.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\imqrcf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.esw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ksmlujdb.dll.vir Infected: Trojan.Win32.Agent.amng 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oltrlcte.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.esw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdqqejgq.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1

The selected area was scanned.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:41 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F95549-09CA-48E7-B953-4E1A71AB9071}: NameServer = 209.84.253.11,209.84.253.12
O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021}
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5131 bytes

11-13-2008, 07:44 PM	#9 (permalink)
foreverhappy Registered User Join Date: Nov 2008 Posts: 5 OS: windowsXP	Re: I also have the "unsolicited browser pops" problem. Tks Tks Chem! This is such work! lol I have not been using my computer as much, but just when checking email I did not see those pop ups anymore. The virus the Kaspersky got I think are the ones my ZoneAlarm put in quarentine. I like ZoneAlarm, and I think you all might not like it, but can you recommend which program I should have to leave on for spyware/malware? I do not like SpyBot because it does not catch all and then you have to have a second program. I would love a "Security Program" for all issues: virus, spy, mal, hijacking, etc. Any suggestion? I was surprised to have this issue and I still have no idea where that came from. I noticed that Windows updates suck, because each time something happens with the computer. One annoying issue, is that when I open my IE7, instead of going to my home page, it goes to Get IE8 beta. ARGGHHHH!!!! And my computer is a bit slow, and I did all I thought... Updates, scans, system mechanic cleaning, and I think those windows updates suck! I guess I already said that! LOL QUESTION: When a virus is found, is better to put in quarentine instead of removing right away? If you put in quarentine, then when is it safe to remove the virus(es)? Tks for your help, Chem. It is a lot of repetitive work! KASPERSKY -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, November 13, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, November 13, 2008 18:50:55 Records in database: 1383528 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 98489 Threat name: 3 Infected objects: 7 Suspicious objects: 0 Duration of the scan: 01:05:38 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\WINDOWS\system32\dbyhlk.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\dfdopceg.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gyjdxp.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\imqrcf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.esw 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ksmlujdb.dll.vir Infected: Trojan.Win32.Agent.amng 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\oltrlcte.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.esw 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\tdqqejgq.dll.vir Infected: Trojan-Spy.Win32.Agent.evh 1 The selected area was scanned. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ HT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:32:41 PM, on 11/13/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxctcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\FinePixViewer\QuickDCF2.exe C:\Program Files\Hide My IP 2008\SecureSrv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{79F95549-09CA-48E7-B953-4E1A71AB9071}: NameServer = 209.84.253.11,209.84.253.12 O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5131 bytes