Popups



#1 Hugo Cardenas


Posted 10 December 2005 - 10:45 PM

There are many Internet windows that pop up as soon as I start IE. I have tried to remove them by blocking popups and by using SpyBot. I also use CCleaner and my anti-virus F-Prot. I have used HijackThis to create a log file. However, I don't actually know what items are good or bad. I am hoping you can help me by taking a look at my log file. I understand it's not that kosher to read log files, but it's quite annoying to live with these Internet windows popping ads all over; hence, I have to ask you to skim the log file below. I will appreciate your help. (My operating system is Windows 2000 in Spanish)

Hugo

Logfile of HijackThis v1.99.1
Scan saved at 21:06:08, on 10/12/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Archivos de programa\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Archivos de programa\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Archivos de programa\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 9100636
O4 - HKLM\..\Run: [ntdll.dll] C:\Archivos de programa\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SSS6_Suite] "C:\Archivos de programa\Steganos Security Suite 6\sss.exe" /booting
O4 - HKCU\..\Run: [SSS6_SPM] "C:\Archivos de programa\Steganos Security Suite 6\spm.exe" /booting
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SSS6_ITD] "C:\Archivos de programa\Steganos Security Suite 6\itd.exe" /booting
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134252029558
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D99AB3A-A054-49A6-8F9F-72485EADA279}: NameServer = 192.168.1.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\fpl8033ue.dll (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\c4002edmgh0a2.dll
O23 - Service: 80xFire daemon (80xFire) - Unknown owner - C:\WINNT\80xFire.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Archivos de programa\FSI\F-Prot\fpavupdm.exe
O23 - Service: MicroSoft Windowz Update (MsFtUpd) - Unknown owner - C:\WINNT\MsFtUpdateXP.exe
O23 - Service: NetOp Helper ver. 7.65 (2004242) (NetOp Host for NT Service) - Danware Data A/S - C:\Archivos de programa\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINNT\System32\SLEE503.exe
O23 - Service: MicroSoft Windows Command (wincmdxp) - Unknown owner - C:\WINNT\wincmdXP.exe

Email addresses removed to protect you from spambots. ~Joshuacat

Edited by Joshuacat, 10 December 2005 - 10:49 PM.



#2 MFDnSC


Posted 11 December 2005 - 02:17 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HijackThis log, but first run this also:

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." ...then do one of the following:

1: Click on the l2mfix.bat again and choose option #5 for Fix Autoexec.nt/cmd.exe error.
2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
Do not run the fix portion without fixing the error first.
After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



