
Need Help With Popups : TK58.exe

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} Please see if it is still there... There is still more to do. To boot into Safe Mode, please restart your computer. O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details. Adaware ... Close HijackThis. Firstly download: DelDomains.inf. Locate DelDomains.inf, right-click and select: Install. Note: you will not see any on-screen action ... This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Note once you Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! http://www.techsupportforum.com/forums/f100/need-help-with-popups-tk58-exe-174187.html

It does not count as help. Important: Perform this instruction carefully! Last Modified: Oct 8, 2016 Helpful? Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [Eaguix] "C:\Program Files\??crosoft\m?hta.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

  1. Let me know what happens.
  3. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name)
  4. Let's get started. Your log reveals a backdoor bot.
  • If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all
  • Please execute all of the instructions from the beginning, but booted into Normal mode the entire time.
  • But, it could also be the malware. Edit: Actually, let's try this.
  • Dr.Web CureIt has improved the situation somewhat.
  • So is this fixable or should I format and install from square one ?
  • A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move

    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = Do we need to have admin privileges for logging into Safe mode? https://www.bleepingcomputer.com/forums/t/100287/the-popups-wont-stop/

    O4 - Global Startup: Lotus QuickStart.lnk = ? Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} My system is much faster than before.. But I am still worried about the malware you were talking about. I've run Spybot S&D and also AdAware and it doesn't help.

    Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu http://www.bullguard.com/forum/10/Pls-Help--TK58exe-HJT-Log-Atta_55670.html Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe * IMPORTANT !!! Place it on your Desktop. Execute Combofix as follows: Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you.

    #3 txpaige (Topic Starter), posted 16 July 2007 - 04:02 PM: Ok, here is the combofix log: "Paige Sanders" - If you're concerned about a pop-up, follow these instructions or contact Apple. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" Check the box that says: "Accept License Agreement".

    Go to → Run → paste in the single line command & click OK "%userprofile%\desktop\combofix.exe" /killall 3. jeffkun (Thread Starter): I've been infected with the TK58.exe generic3.UNS virus and AVG quarantines the file but it keeps coming back every time I reboot scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-15 10:52:32 C:\ComboFix-quarantined-files.txt ... 2007-08-15 10:52 C:\ComboFix2.txt ... 2007-08-13 11:58 C:\ComboFix3.txt ... 2007-08-13 11:55 --- E O F --- Logfile of Trend

    shaferintl Links to Free Tools I Use: AVG Antivirus ... Performed disk cleanup. Spyware Blaster ...


    This is my sister-in-law's PC and she tried to open a yahoo messenger that sent her to a virus, this virus changed her password in both her yahoo messenger and button. This prevents Safari from automatically reopening any windows. Symantec Antivirus Corp.

    So I ran Dr.Web CureIt. jeffkun, Nov 18, 2007 #4 Bump jeffkun, Nov 19, 2007 #5 Posted Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "Tair"="C:\PROGRA~1\ICROSO~1.NET\netdde.exe" [] "Ixbifxu"="C:\WINDOWS\system32\?ystem32\??chost.exe" [] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] Source= C:\Program Files\Messenger\profsyvy.html FriendlyName= R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys S2 MSSQL$GRUMPY;MSSQL$GRUMPY;C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sGRUMPY S3 NetTimeSvc;NetTime;C:\Program after the system restarted SDFix command window opened but logfile didn't open on its own.. It didn't give me any "FINSISHED press any key" message also. That's OK.

    Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security

    ComboFix 07-08-15.3 - "amy.summers" 2007-08-15 10:50:22.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.233 [GMT -5:00] Command switches used :: /killall * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to Keep it in the forums so all may learn from it. O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    and here is the SDFix logfile SDFix: Version 1.100 Run by sdhulipalla on 2007-08-26 at 12:44 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File and HJT the system cannot find the file apps\svr2.txt the system cannot find the file apps\svc.txt the system cannot find the file apps\svr2.txt the system cannot find the file apps\legacy.txt Do you want to