[Closed] removing Smacchat.com pop-up

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

[Closed] removing Smacchat.com pop-up

Options

jklebaka View Member Profile	Nov 17 2008, 08:20 PM Post #1
New Member Group: New Member Posts: 1 Joined: 17-November 08 Member No.: 82,455 Operating System: XP	Hi, I am getting smacchat.com pop-up. Please let me know how to remove it. Thanks J Here is my Hijackthis log: ==================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:13:26 PM, on 11/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\drivers\trcboot.exe C:\Program Files\McAfee\DLP\Agent\fcags.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\DLP\Agent\fcag.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE C:\Program Files\McAfee\DLP\Agent\FCAGT.EXE C:\Notes\ntmulti.exe C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PROT_SRV.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pagents.exe C:\WINDOWS\system32\PSTARTSR.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\drivers\ldlcserv.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\RightFax\Client\FaxCtrl.exe C:\Program Files\Pointsec\P95tray.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fidelityinfoservices.com/fnfis/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.efunds.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {bfb78ca9-621c-46be-8017-57971b52c00a} - C:\WINDOWS\system32\nakonaze.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [CPM3b9e08c2] Rundll32.exe "c:\windows\system32\ratifuya.dll",a O4 - HKLM\..\Run: [vitibopuyu] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [vitibopuyu] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [vitibopuyu] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04e96839478369...tzip/RdxIE6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208783986078 O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://webf.mypicturetown.com/P2PwebCmdCon...r/x/Upld_47.CAB O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://tejulebaka.myphotoalbum.com/ImageUploader4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: karna.dat rmpwno.dll C:\WINDOWS\system32\jowujino.dll c:\windows\system32\ratifuya.dll O20 - Winlogon Notify: FCAGWL - C:\WINDOWS\SYSTEM32\fcagwl.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ratifuya.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ratifuya.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ldlcserv - Unknown owner - C:\WINDOWS\system32\drivers\ldlcserv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee DLP Agent Service (McAfeeDLPAgentService) - McAfee Inc. - C:\Program Files\McAfee\DLP\Agent\fcags.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\pagents.exe O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\system32\drivers\trcboot.exe -- End of file - 9422 bytes This post has been edited by jklebaka: Nov 17 2008, 08:22 PM

jpshortstuff View Member Profile	Nov 18 2008, 05:14 AM Post #2
SuperMember Group: Malware Team Posts: 2,217 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP Media Center/Ubuntu Linux	Hi, and Welcome to WhatTheTech My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Please download ATF Cleaner by Atribune. Download - ATF Cleaner» Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. (If you use FireFox or the Opera browser To keep saved passwords, click No at the prompt.) It's normal after running ATF cleaner that the PC will be slower to boot the first time or two. Download ComboFix by *sUBs* from here or here Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy. Save it to your desktop We need to disable one or more of your security programs so that they do not interfere with ComboFix. Disable McAfee Anti-Virus Please navigate to the system tray on the bottom right hand corner and look for a sign. Right-click it -> chose "Exit." A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard. Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes. When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log Notes: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post. Thanks.

jpshortstuff View Member Profile	Nov 24 2008, 06:45 AM Post #3
SuperMember Group: Malware Team Posts: 2,217 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP Media Center/Ubuntu Linux	Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal [Resolved] Page load error, and browser popup 12	20	02dakota	215	Today, 09:20 PM Last post by: Tomk
HijackThis™ Logs and Infections Removal [Closed] Mother-in-laws computer Antivirus 2009	4	CaptFlynn	77	Today, 06:35 PM Last post by: IndiGenus
HijackThis™ Logs and Infections Removal [Resolved] Computer Slowing & Search Engine Use Affected 12	23	Jroach_8	307	Today, 04:18 PM Last post by: LDTate
HijackThis™ Logs and Infections Removal [Resolved] c5.zedo.com popups	8	mnlong	199	Today, 04:17 PM Last post by: LDTate