Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ad Ware/Spyware Problems


  • This topic is locked This topic is locked
2 replies to this topic

#1 maltman99

maltman99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:05 PM

Posted 11 December 2009 - 03:26 AM

Hi all

I've got a problem with ad ware pop up ads, particularly on yahoo. I've downloaded loads of different spywareblasters (spyboy, iobit, ad aware, spyware terminator, zappit, AVG) but none of them seem to solve the problem.

Any ideas gratefully received. HEre is a log from this morning. I am a bit of a novice so step by step advice of what to do would be great.

Thanks for looking.

Cheers

Glenn



Logfile of IObit HijackScan v1.0.0.0
Scan saved at 8:12:32, on 2009-12-11

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\Khost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spybot
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\RunOnce\: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Sky Broadband; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.cartoonnetwork.co.uk/show/johnny%20bravo/games/bravo%20volley"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
O9 - Extra button: Sky - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - http://www.sky.com
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - http://www.sky.com
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - http://www.sky.com
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}QuickTime.QuickTime.9 - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SwCtl.SwCtl.11 - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/download/C/0...heckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}SWCtl.SWCtl.11 - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}YInstHelper.YInstStarter.1 - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E}LinkedIn.ContactFinderControl - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC}TheFacebook.FacebookPhotoUploader.1 - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}SearchEngineQuery.SEQueryObject.1 - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}RuFSI.SymUtility.1 - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862}Symantec.DownloadManager.1 - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://www.update.microsoft.com/microsoftu...b?1200169327374
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F}Btmailcontrol.mailhelper.1 - https://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.4.2_03 - http://java.sun.com/products/plugin/autodl...indows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Java Plug-in 1.4.2_03 - http://java.sun.com/products/plugin/autodl...indows-i586.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4}Uploader.PB_Uploader.1 - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679}CRLOCX.CRLDownloadWrapper.1 - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}Atlcom.get_atlcom - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}Btwebcontrol.webhelper.1 - https://register.btinternet.com/templates/b...bcontrol024.cab
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService (DSBrokerService) - Unknown - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: KService (KService) - Unknown - C:\Program Files\Kontiki\KService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:05 PM

Posted 22 December 2009 - 02:04 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:05 PM

Posted 27 December 2009 - 12:22 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users