Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Adware Popuper


  • Please log in to reply
1 reply to this topic

#1 Tove Gustafsson

Tove Gustafsson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 11 January 2006 - 02:36 PM

Hi,

I hope someone will be able to help me. I've managed to get some kind of software installed on my computer that keeps ads popping up constantly when I'm connected to the Internet.

I've tried usng the following software (most of them recommended on the web page) to remove it:
- SpySheriff
- Spybot
- Housecall
- Bitdefender
- Norton antivirus
- McAffe Stinger
- Ewido
- AdAware SE

Nothing seems to help. :thumbsup:

I've run HijackThis and below is the log file. It would be really great if someone could give me some advice.

Thanks,
Tove

Logfile of HijackThis v1.99.1
Scan saved at 20:24:30, on 2006-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\winlogon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ICO.EXE
D:\WINDOWS\system32\EXSHOW95.EXE
D:\WINDOWS\system32\Pelmiced.exe
D:\WINDOWS\system32\wbsecsvc.exe
D:\WINDOWS\system32\EXSHOW.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\ltmoh\Ltmoh.exe
D:\Program Files\OSD\OSD.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\windows\banmanpro.exe
D:\WINDOWS\smss.exe
D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
D:\Program Files\WinFixer 2006\wwfx6.exe
D:\Program Files\WinFixer 2006\wfxcwr.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
D:\Program Files\winbond\w89c33\wwu.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] D:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] D:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] D:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] D:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [WinFixer] D:\Program Files\WinFixer 2006\wwfx6.exe /min
O4 - HKLM\..\Run: [WinFixer helper] D:\Program Files\WinFixer 2006\wfxcwr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [services32] D:\Program Files\Common Files\Windows\mc-110-12-0000228.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O4 - Global Startup: WWU.lnk = D:\Program Files\winbond\w89c33\wwu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123346082898
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: DateTime - D:\WINDOWS\system32\l82s0if7e82.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - D:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: wbsecsvc - Winbond - D:\WINDOWS\system32\wbsecsvc.exe

BC AdBot (Login to Remove)

 


#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:26 PM

Posted 16 January 2006 - 10:11 AM

Download this program:
submit files packer
past the list of files into the tool.

C:\windows\enewsletterpro.exe
C:\windows\banmanpro.exe
D:\WINDOWS\smss.exe
D:\WINDOWS\winlogon.exe
D:\Program Files\WinFixer 2006\wwfx6.exe /min
D:\Program Files\WinFixer 2006\wfxcwr.exe
D:\Program Files\Common Files\Windows\mc-110-12-0000228.exe


It will create an archive with these files and a small log on the desktop.

Then please go to this forum: http://www.thespykiller.co.uk/forum/index.php?board=1.0
You don't need to be a member to upload the archive!
Just press new topic, fill in the needed details and just give a link to your HijackThis log topic at this forum & then press the browse button and then navigate to & select the archive on your computer, press Post to upload the file.

--------------

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users