
So Annoying Pop-ups Please Help


2 replies to this topic

#1 spice

spice

  • Members
  • 2 posts
  • Local time:10:57 AM

Posted 14 November 2007 - 08:44 AM

Hey all..

In 3 days I am going to go outside my country to study and I have to take my PC with me, and now I am so disappointed and mad about annoying pop-ups that keep showing like an original Windows XP notification, but it's not... They keep telling me, one at a time, sometimes that I have malware, sometimes that I have PSW.x.VIRtrojan.PSW. and Spyware 32x, and keep showing a message that shows "best selling anti virus".
I am so disappointed and I need to fix it as soon as possible.
I downloaded Ad-Aware 2007 and AVG Spyware.
They didn't work,
and my anti-virus is "Kaspersky Internet Security".

Please people, someone help me cause I am so lost. :thumbsup:

And also there is this suspicious programme in my programmes directory called "c:\program files\bonjour\mdnsnsp.dll". I tried to delete it but it says it is being used by another user.

Edited by spice, 14 November 2007 - 08:47 AM.




#2 spice

spice
  • Topic Starter

  • Members
  • 2 posts
  • Local time:10:57 AM

Posted 14 November 2007 - 10:30 AM

This is the Hijack log but I don't know what to do next.

SmitFraudFix v2.253

Scan done at 17:23:50.59, Wed 11/14/2007
Run from C:\Documents and Settings\Administrator\Desktop\1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\winshow.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.719\Crack\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agrrwloa.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Administrator


C:\Documents and Settings\Administrator\Application Data


Start Menu


C:\DOCUME~1\ADMINI~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\kasper~1\\kasper~2.0\\adialhk.dll"


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.38.128.2
DNS Server Search Order: 212.38.128.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0BB0082E-1C85-417B-AA38-B0CFEE5D1D19}: NameServer=212.38.128.2 212.38.128.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F8BFAAF-F39A-4B3E-B51C-D541CD5CF6AB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0BB0082E-1C85-417B-AA38-B0CFEE5D1D19}: NameServer=212.38.128.2 212.38.128.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F8BFAAF-F39A-4B3E-B51C-D541CD5CF6AB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0BB0082E-1C85-417B-AA38-B0CFEE5D1D19}: NameServer=212.38.128.2 212.38.128.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F8BFAAF-F39A-4B3E-B51C-D541CD5CF6AB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0BB0082E-1C85-417B-AA38-B0CFEE5D1D19}: NameServer=212.38.128.2 212.38.128.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1F8BFAAF-F39A-4B3E-B51C-D541CD5CF6AB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End

#3 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:57 AM

Posted 28 November 2007 - 06:31 AM

Hi spice, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Follow the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks for your patience! :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.



