Hi, please can anyone sort this problem out? I'm still getting pop-ups even when I've tried everything. I've got Ad-Aware, Spybot, SpywareBlaster, ewido, spyguard and Spyware Doctor, but I'm still bugged with pop-ups. Can anyone help me out? Thanks in advance.

Yep, I did scan in safe mode but still pop-ups. I get all sorts of pop-ups from different sites; these are some of them:
paypopup.com
great-coupon.com
mega-savings.com
ez-savings
ad-w-a-r-e.com
I'm also getting a lot of small Flash pop-ups, so how can I clean this problem? Thanks in advance.

Shazy, it looks like Look2Me spyware. Download Spysweeper Free Trial.
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)
You will be prompted to check for updated definitions, please do so.
This may take several minutes.
Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
Click on Sweep and allow it to fully scan your system.
When the sweep has finished, click Remove. Click Select All and then Next
From "Results", select the Session Log tab. Click Save to File and save the log somewhere convenient.
Exit Spy Sweeper.
Post the log from Spysweeper.

Go to trendmicro.com and run their free online spam scan, very good. Also, if you are using IE, get rid of it and switch to Mozilla or Firefox for your browser and you won't get any more popups; the blocker is built into the browser.

No more pop-ups, thank god. I used Spysweeper and that removed some infections, but I haven't got any more pop-ups. Thanks everyone. Here is the log for Spysweeper, jabuck:
14:46: | Start of Session, 21 November 2005 |
14:46: Spy Sweeper started
14:46: Sweep initiated using definitions version 556
14:46: Starting Memory Sweep
14:46: Found Adware: icannnews
14:46: Detected running threat: C:\WINDOWS\system32\trolhelp.dll (ID = 83)
14:47: Detected running threat: C:\WINDOWS\system32\kt8sl7l71.dll (ID = 83)
14:53: Memory Sweep Complete, Elapsed Time: 00:06:56
14:53: Starting Registry Sweep
14:53: Found Adware: adlogix
14:53: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/test.ocx\ (2 subtraces) (ID = 103108)
14:53: Found Adware: minigolf
14:53: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\ (2 subtraces) (ID = 135051)
14:53: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (2 subtraces) (ID = 135052)
14:53: Found System Monitor: sc-keylog
14:53: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
14:53: Found Adware: tvmedia
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-501\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145309)
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-501\software\microsoft\windows\currentversion\run\ || tv media (ID = 145312)
14:53: Found Adware: sidesearch
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-501\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
14:53: Found Adware: coolwebsearch (cws)
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-500\software\microsoft\windows\currentversion\run\ || iedll (ID = 112396)
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-500\software\microsoft\windows\currentversion\run\ || loader (ID = 112400)
14:53: Found Adware: globaldialer
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-500\software\microsoft\windows\currentversion\run\ || sws.exe (ID = 126852)
14:53: HKU\WRSS_Profile_S-1-5-21-798564151-1495664545-1523937734-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
14:54: Found Adware: cws-aboutblank
14:54: HKU\S-1-5-21-798564151-1495664545-1523937734-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
14:54: Registry Sweep Complete, Elapsed Time:00:01:05
14:54: Starting Cookie Sweep
14:54: Found Spy Cookie: primaryads cookie
14:54: guest@1.primaryads[2].txt (ID = 3190)
14:54: Found Spy Cookie: about cookie
14:54: guest@about[1].txt (ID = 2037)
14:54: Found Spy Cookie: atwola cookie
14:54: guest@atwola[2].txt (ID = 2255)
14:54: Found Spy Cookie: a cookie
14:54: guest@a[1].txt (ID = 2027)
14:54: Found Spy Cookie: ccbill cookie
14:54: guest@ccbill[1].txt (ID = 2369)
14:54: Found Spy Cookie: centralmedia cookie
14:54: guest@centralmedia[2].txt (ID = 2373)
14:54: Found Spy Cookie: tickle cookie
14:54: guest@cookie.tickle[1].txt (ID = 3530)
14:54: Found Spy Cookie: ugo cookie
14:54: guest@mediamgr.ugo[2].txt (ID = 3609)
14:54: guest@pregnancy.about[2].txt (ID = 2038)
14:54: Found Spy Cookie: sex cookie
14:54: guest@rd6.sex[1].txt (ID = 3348)
14:54: Found Spy Cookie: spywarestormer cookie
14:54: guest@spywarestormer[1].txt (ID = 3417)
14:54: Found Spy Cookie: affiliatefuel.com cookie
14:54: guest@www.affiliatefuel[2].txt (ID = 2202)
14:54: Found Spy Cookie: www.mature-post cookie
14:54: guest@www.mature-post[1].txt (ID = 3703)
14:54: Found Spy Cookie: xiti cookie
14:54: guest@xiti[1].txt (ID = 3717)
14:54: Found Spy Cookie: yadro cookie
14:54: guest@yadro[2].txt (ID = 3743)
14:54: Found Spy Cookie: enhance cookie
14:54: system@c.enhance[1].txt (ID = 2614)
14:54: Cookie Sweep Complete, Elapsed Time: 00:00:01
14:54: Starting File Sweep
14:54: Found Adware: clearsearch
14:54: c:\documents and settings\guest\local settings\temp\clrsch (ID = -2147481250)
14:58: Found Adware: apropos
14:58: wingenerics.dll (ID = 50187)
14:59: searchbar.html (ID = 55521)
15:24: Found Adware: media-motor
15:24: backup-20040401-151659-924.inf (ID = 74128)
15:26: Found System Monitor: ufp 007 spy
15:26: unins000.exe (ID = 48061)
15:27: tvmknwrd.dll (ID = 81726)
15:33: _iu14d2n.tmp (ID = 48061)
15:38: Found System Monitor: potentially rootkit-masked files
15:38: ptiiint5.sys (ID = 0)
15:38: docpsetu.exe (ID = 0)
15:38: digfco40.exe (ID = 0)
15:38: csraffic.exe (ID = 0)
15:38: data.bin (ID = 0)
15:38: ace.dll (ID = 0)
15:38: ai_20-11-2005.log (ID = 0)
15:38: ai_21-11-2005.log (ID = 0)
15:38: Warning: Unhandled Archive Type
15:40: Warning: Unhandled Archive Type
15:43: Warning: Unhandled Archive Type
15:43: Warning: Invalid Stream
15:44: File Sweep Complete, Elapsed Time: 00:49:39
15:44: Full Sweep has completed. Elapsed time 00:57:56
15:44: Traces Found: 57
15:50: Removal process initiated
15:50: Quarantining All Traces: potentially rootkit-masked files
15:50: potentially rootkit-masked files is in use. It will be removed on reboot.
15:50: ptiiint5.sys is in use. It will be removed on reboot.
15:50: docpsetu.exe is in use. It will be removed on reboot.
15:50: digfco40.exe is in use. It will be removed on reboot.
15:50: csraffic.exe is in use. It will be removed on reboot.
15:50: data.bin is in use. It will be removed on reboot.
15:50: ace.dll is in use. It will be removed on reboot.
15:50: ai_20-11-2005.log is in use. It will be removed on reboot.
15:50: ai_21-11-2005.log is in use. It will be removed on reboot.
15:50: Quarantining All Traces: clearsearch
15:50: Quarantining All Traces: cws-aboutblank
15:50: Quarantining All Traces: sc-keylog
15:50: Quarantining All Traces: ufp 007 spy
15:50: Quarantining All Traces: adlogix
15:50: Quarantining All Traces: apropos
15:51: apropos is in use. It will be removed on reboot.
15:51: wingenerics.dll is in use. It will be removed on reboot.
15:51: Quarantining All Traces: coolwebsearch (cws)
15:51: Quarantining All Traces: globaldialer
15:51: Quarantining All Traces: icannnews
15:51: icannnews is in use. It will be removed on reboot.
15:51: C:\WINDOWS\system32\trolhelp.dll is in use. It will be removed on reboot.
15:51: C:\WINDOWS\system32\kt8sl7l71.dll is in use. It will be removed on reboot.
15:51: Quarantining All Traces: media-motor
15:51: Quarantining All Traces: minigolf
15:51: Quarantining All Traces: sidesearch
15:51: Quarantining All Traces: tvmedia
15:51: Quarantining All Traces: a cookie
15:51: Quarantining All Traces: about cookie
15:51: Quarantining All Traces: affiliatefuel.com cookie
15:51: Quarantining All Traces: atwola cookie
15:51: Quarantining All Traces: ccbill cookie
15:51: Quarantining All Traces: centralmedia cookie
15:51: Quarantining All Traces: enhance cookie
15:51: Quarantining All Traces: primaryads cookie
15:51: Quarantining All Traces: sex cookie
15:51: Quarantining All Traces: spywarestormer cookie
15:51: Quarantining All Traces: tickle cookie
15:51: Quarantining All Traces: ugo cookie
15:51: Quarantining All Traces: www.mature-post cookie
15:51: Quarantining All Traces: xiti cookie
15:51: Quarantining All Traces: yadro cookie
15:51: Warning: Launched explorer.exe
15:51: Warning: Quarantine process could not restart Explorer.
15:52: Preparing to restart your computer. Please wait...
15:52: Removal process completed. Elapsed time 00:02:41
********
14:43: | Start of Session, 21 November 2005 |
14:43: Spy Sweeper started
14:46: | End of Session, 21 November 2005 |

Shazy, looks like you may have another baddie called apropos. This usually fixes it. Download http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
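
An added example, not part of any post in this thread: a small triage script for a Spy Sweeper session log like the one above. It groups traces by detected family and lists the families whose files were reported "in use" at quarantine time, meaning they were still loaded and needed a reboot to remove. The function names and the shortened excerpt are this example's own.

```python
import re

# Shortened excerpt of the Spy Sweeper session log posted in this thread.
EXCERPT = r"""
14:46: Found Adware: icannnews
14:46: Detected running threat: C:\WINDOWS\system32\trolhelp.dll (ID = 83)
14:53: Found System Monitor: sc-keylog
14:53: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
14:54: Found Spy Cookie: xiti cookie
14:54: guest@xiti[1].txt (ID = 3717)
14:58: Found Adware: apropos
14:58: wingenerics.dll (ID = 50187)
15:38: Found System Monitor: potentially rootkit-masked files
15:38: ptiiint5.sys (ID = 0)
15:38: docpsetu.exe (ID = 0)
15:44: Traces Found: 57
15:50: Quarantining All Traces: potentially rootkit-masked files
15:50: potentially rootkit-masked files is in use. It will be removed on reboot.
15:50: ptiiint5.sys is in use. It will be removed on reboot.
15:50: docpsetu.exe is in use. It will be removed on reboot.
15:50: Quarantining All Traces: sc-keylog
15:50: Quarantining All Traces: apropos
15:51: apropos is in use. It will be removed on reboot.
15:51: wingenerics.dll is in use. It will be removed on reboot.
15:51: Quarantining All Traces: icannnews
15:51: icannnews is in use. It will be removed on reboot.
15:51: C:\WINDOWS\system32\trolhelp.dll is in use. It will be removed on reboot.
15:51: Quarantining All Traces: xiti cookie
"""

STAMP = re.compile(r"^\d{2}:\d{2}: (.*)$")
FOUND = re.compile(r"^Found (Adware|System Monitor|Spy Cookie): (.+)$")
TRACE = re.compile(r"^(?:Detected running threat: )?(.+) \(ID = -?\d+\)$")
QUARANTINE = re.compile(r"^Quarantining All Traces: (.+)$")
IN_USE = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")


def parse_session(text):
    """Return {family: {"category", "traces", "locked"}} in detection order."""
    report = {}
    found = None         # family whose traces are currently being listed
    quarantining = None  # family currently being quarantined
    for raw in text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue
        msg = stamped.group(1).strip()

        hit = FOUND.match(msg)
        if hit:
            found = hit.group(2)
            report.setdefault(
                found, {"category": hit.group(1), "traces": [], "locked": []}
            )
            continue
        hit = QUARANTINE.match(msg)
        if hit:
            quarantining, found = hit.group(1), None
            continue
        hit = IN_USE.match(msg)
        if hit:
            # The first "in use" line repeats the family name; skip it.
            if quarantining in report and hit.group(1) != quarantining:
                report[quarantining]["locked"].append(hit.group(1))
            continue
        hit = TRACE.match(msg)
        if hit and found:
            report[found]["traces"].append(hit.group(1))
    return report


def active_families(report):
    """Families with at least one file still locked when quarantined."""
    return [name for name, info in report.items() if info["locked"]]


if __name__ == "__main__":
    session = parse_session(EXCERPT)
    for family in active_families(session):
        print(family, "->", session[family]["locked"])
```

Traces are attributed to the most recent "Found" line, which is how the log is laid out; cookie and registry traces never appear as locked, so the output narrows the list to what was actually running.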

jabuck, thanks for your help, much appreciated. This is the HijackThis log, then I'll post the log for aproposfix.
Logfile of HijackThis v1.97.7
Scan saved at 20:17:23, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Voyager100Test\fts.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\hjt\HijackThis.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131144669390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA910FE-7885-4AA5-8B52-774F89693E5D}: NameServer = 205.188.146.145

This is the log for aproposfix:
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Owner\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CzPj6A3nhkFD]
@="f6Cb6D5JKKJKKLKF16 .P3JKKJZMKtfkaltpKBHBC\\5QPK A1E\\ABK8C1116CSLBHB"
"Device"="\\\\.\\windf2k"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\ptiiint5.sys"
"DriverName"="IntEnum"
"HideUninstallerName"="C:\\Program Files\\Spystroy\\docpsetu.exe"
"HDll"="C:\\WINDOWS\\system32\\boofco40.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{Xf24c5f0-c29f-4147-31cf-0421206265dd}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Spystroy\\digfco40.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\csraffic.exe"
"Version"="2.0.128"
"LastAURestoreMsgTS"="2005:11:20-13:04:33:390"
************
Removing hidden service:
Service IntEnum removed.
Removing hidden folder:
Deletion of folder Spystroy succeeded!
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\ptiiint5.sys succeeded!
Deletion of file C:\WINDOWS\system32\csraffic.exe succeeded!
Deletion of file C:\WINDOWS\system32\boofco40.dll succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CzPj6A3nhkFD]
[-HKEY_LOCAL_MACHINE\Software\CzPj6A3nhkFD]
Done!
Finished!

Shazy, that got rid of apropos, looks very good. SpywareBlaster has about 1600 items in the latest update, maybe this is one of them, so update it if you haven't.
You are using an older version of HijackThis, so if possible download the newest version at this link http://www.tomcoyote.org/hjt/ and post a new log. The O18, O19, O20, O21, O22, O23 items are not viewable in the older version.

Logfile of HijackThis v1.99.1
Scan saved at 11:51:35, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Voyager100Test\fts.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\hijackthis\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131144669390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA910FE-7885-4AA5-8B52-774F89693E5D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\p04u0ah9ed4.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Shazy, run the HT scan again, close all browsers and windows except HT, place a check to the left of these items and press "fix checked".
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\p04u0ah9ed4.dll (file missing)
That should have you clean.
Run Spysweeper and post a log if you want to.
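
An added example, not part of any post in this thread: a script that parses HijackThis entries and lists those whose target is marked "(no file)" or "(file missing)", the kind of leftover entries selected for "fix checked" above. The sample lines are copied from the v1.99.1 log in this thread; the function name and the one-line section descriptions are this example's own.

```python
import re

# Short descriptions of the HijackThis sections that appear in this thread.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key / Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "Winlogon Notify / AppInit DLL",
    "O23": "Windows service",
}

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} - http://plug-in.reallusion.com/CrazyTalk.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\p04u0ah9ed4.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O20 - Winlogon Notify: Themes - C:\...dll (file missing)"
ENTRY = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")
ORPHAN = re.compile(r"\s*\((file missing|no file)\)\s*$")


def orphaned_entries(log_text):
    """Return entries whose referenced file HijackThis could not find."""
    rows = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, running-process line, or blank
        section, kind, rest = entry.groups()
        orphan = ORPHAN.search(rest)
        if not orphan:
            continue
        # Drop the marker and any dangling " -" left in front of it.
        body = rest[: orphan.start()].rstrip(" -")
        name, sep, target = body.rpartition(" - ")
        if not sep:
            name, target = body, ""
        rows.append(
            {
                "section": section,
                "meaning": SECTIONS.get(section, "other"),
                "kind": kind,
                "name": name,
                "target": target,
                "marker": orphan.group(1),
            }
        )
    return rows


if __name__ == "__main__":
    for row in orphaned_entries(SAMPLE):
        print(f'{row["section"]:<4}{row["meaning"]}: {row["name"]} -> '
              f'{row["target"]} ({row["marker"]})')
```

The output is a review list, not a fix list: it also includes the O23 AOL service entry, and which rows to check in HijackThis stays a human decision.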

Hello there. I am also facing similar problems, and after reading the comments here in this forum I have done as directed, but I'm still getting some pop-ups in both IE and Firefox. I'm running Adwatch Pro, which is blocking and keeping a log of all the pop-ups in IE but is unable to block the pop-ups in Firefox. Besides, I ran a sweep with Spy Sweeper and an online scan from trendmicro.com, and I'm using Microsoft AntiSpyware. Even then there are pop-ups...
Any help would be a great saviour for me.
elf
