#1 KayRay (New Poster; Join Date: Sep 2006; Posts: 1), 09-18-2006
[Resolved] Pop-Up Attacks in Firefox, IE, Files Load at Startup

Okay I am pretty good when it comes to technology and problems of this type but I am stumped. I've used HiJackthis many times to remove this problem but it won't disappear for some reason. Before I post my log, I will mention two files on my msconfig startup that seem to be starting when I boot up. I've tried disabling them but they come right back and I can't find them on my computer anywhere to delete.

hmdox-----> C:\Docs and Settings\All Users\Start Menu\Programs\Startup\hmdox.exe
peqnre-----> C:\WINDOWS\System32\peqnre.exe reg_run



Basically I get pop-ups as soon as I connect to the internet (dial up currently). They appear in Firefox and pop up every 10-30 seconds or so and then every now and again I'll get a quick attack from IE pop ups...which I don't even use to browse the web at all. I end the iexplore task and I'm fine for awhile for that but this is getting on my last nerves.

Also it seems my McAfee started to get disabled to a point where it wouldn't work anymore so I'm currently downloading Trend Micro-- who knows, it might fix a lot of this but check my HJT log and see what's wrong. It won't let me fix the top 2 for some reason either...they are sketching me out.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:48 AM, on 9/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\unzipped\hijackthis\hijackthis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\gohrr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qjovcji.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B8CB61-06D7-4F35-BF54-9FD37E42906B}: NameServer = 216.165.129.157 216.170.153.146
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\locdll.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


#2 joe5 (Elite Member; Join Date: Jun 2005; Location: Netherlands; Posts: 9,036), 09-18-2006

Hya KayRay, welcome to PCHF.

Looks like you have a Qoologic infection on there.


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


PS, if you have disabled things with msconfig then first enable those again before making the new hjt log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
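
Added example (not part of the original thread, and not HijackThis or ComboFix code): a small Python check for the two F2 entries at the top of the log in post #1, listing every program in the Winlogon Shell and UserInit values beyond the Windows defaults. The baseline paths assume Windows is installed in C:\WINDOWS, as in the log; the function name and the one clean sample line are constructed for illustration.

```python
import re

# Programs expected in each Winlogon value on a default Windows XP install.
# Assumption: Windows lives in C:\WINDOWS, as in the log from post #1.
BASELINE = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

# HijackThis F2 lines report the registry-mapped system.ini values.
F2_LINE = re.compile(r"^F2 - REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)

# First, second and fourth lines are copied from the log in post #1;
# the third (a clean UserInit value) is constructed to show a non-finding.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\gohrr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qjovcji. exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
"""


def extra_winlogon_programs(log_text):
    """Return (value_name, program) pairs that are not in BASELINE."""
    findings = []
    for line in log_text.splitlines():
        match = F2_LINE.match(line.strip())
        if not match:
            continue  # not an F2 system.ini line
        name, value = match.group(1), match.group(2)
        expected = BASELINE.get(name.lower())
        if expected is None:
            continue  # some other system.ini value; out of scope here
        # Forum software can split long tokens ("qjovcji. exe"); rejoin them.
        value = re.sub(r"\.\s+(?=exe\b)", ".", value, flags=re.IGNORECASE)
        # Both values are comma-separated lists of programs run at logon.
        for item in value.split(","):
            item = item.strip().strip('"')
            if item and item.lower() not in expected:
                findings.append((name, item))
    return findings


if __name__ == "__main__":
    for name, program in extra_winlogon_programs(SAMPLE_LOG):
        print(f"{name}: unexpected program {program}")
```

Comparing full paths rather than file names means a look-alike `explorer.exe` in another directory is also reported.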

