Unwanted Pop-ups


  • This topic is locked
2 replies to this topic

#1 GWBO

  • Members
  • 1 posts

Posted 23 March 2006 - 07:17 PM

I also am plagued with the problem of unwanted pop-ups. Most of them inform me that I have been infected by the Blackworm Virus, and lead me to amaena.com to buy WinAntiVirus and WinAntiSpyware. Others are web sites for a variety of ads.

Any help removing this problem would be greatly appreciated.

Thank you.


The following programs did not find or correct this problem:
· AVG Free
· Spybot
· Ad-Aware
· Microsoft Windows Malicious Software Removal Tool
· Windows Defender
-----------------------------------------------------------------------------------------------------------------------------------------------
System Information report:
Item Value
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Gateway
System Model Gateway 7200 Series
System Type X86-based PC
Processor x86 Family 6 Model 10 Stepping 0 AuthenticAMD ~2186 Mhz
BIOS Version/Date Phoenix 57.06.07, 11/16/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
Time Zone Eastern Standard Time
Total Physical Memory 512.50 MB
Available Physical Memory 132.04 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.03 GB
Page File C:\pagefile.sys
-----------------------------------------------------------------------------------------------------------------------------------------------
In the following Hijack log, I have identified, with an x, all the items I do NOT recognize as being installed or used by myself, or required by peripherals.
I use AIRoboForm, LogMeIn, ToddlerKeys, AVG Free Anti-Virus, ScreenPrint32, Google Toolbar, TrayDevil, etc.
Programs I install are placed in the C:\New folder when the installation wizard allows the choice.
-----------------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:50:03 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
x C:\WINDOWS\System32\smss.exe
x C:\WINDOWS\system32\winlogon.exe
x C:\WINDOWS\system32\services.exe
x C:\WINDOWS\system32\lsass.exe
x C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
x C:\WINDOWS\System32\svchost.exe
x C:\WINDOWS\system32\spoolsv.exe
x C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\New\Grisoft\AVGFRE~1\avgcc.exe
C:\New\Grisoft\AVGFRE~1\avgemc.exe
C:\New\LEXMAR~1\ACMonitor_X83.exe
C:\New\LEXMAR~1\AcBtnMgr_X83.exe
C:\New\ScreenPrint32 v3\ScreenPrint32.exe
C:\New\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
x C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
x C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\New\TrayDevil\traydevil.exe
C:\New\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\New\V3CallCenter\V3faxecp.exe
C:\New\ePrompter\ePrompter.exe
C:\New\Toddler Keys\Toddler Keys.exe
C:\New\Grisoft\AVGFRE~1\avgamsvr.exe
C:\New\Grisoft\AVGFRE~1\avgupsvc.exe
x C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
x C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
x C:\WINDOWS\System32\svchost.exe
C:\New\RealVNC\VNC4\WinVNC4.exe
x C:\WINDOWS\System32\wltrysvc.exe
x C:\WINDOWS\System32\bcmwltry.exe
x C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\kmgMalware\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/kmg/Family/HomePage/index.html
x R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
x R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\New\SPYBOT~1\SDHelper.dll
x O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
x O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\cbayv.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\New\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
x O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\New\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\New\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\New\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\New\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\New\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\New\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [CTSysVol] C:\New\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
x O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
x O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TrayDevil] C:\New\TrayDevil\traydevil.exe
O4 - HKCU\..\Run: [RoboForm] "C:\New\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: CallCenter Printer Interface.lnk = C:\New\V3CallCenter\V3faxecp.exe
O4 - Startup: ePrompter.lnk = C:\New\ePrompter\ePrompter.exe
O4 - Startup: Microsoft Works Calendar.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
O4 - Startup: StartUp.lnk = C:\kmg\StartUp.bat
O4 - Startup: Toddler Keys.lnk = ?
O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\explorer.exe
x O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
x O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
x O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\New\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\New\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\New\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
x O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
x O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\New\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\New\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\New\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
x O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
x O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
x O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
x O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
x O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
x O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
x O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
x O20 - Winlogon Notify: cbayv - C:\WINDOWS\system32\cbayv.dll
x O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\New\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\New\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
x O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\New\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
x O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
-----------------------------------------------------------------------------------------------------------------------------------------------
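As an added example (not part of the thread and not HijackThis code), a small Python parser for the log format above. It picks out the two things worth checking first in a log like this: entries whose target file no longer exists (cleanup candidates), and a single DLL registered in more than one auto-start section, which is what the poster's x marks on cbayv.dll show (O2 BHO and O20 Winlogon Notify). The sample lines are constructed from entries in the log above.

```python
import re

# Constructed sample in the HijackThis 1.99 line format used in the thread
# (a handful of entries taken from the log above, not the full log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\\WINDOWS\\system32\\cbayv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cbayv - C:\\WINDOWS\\system32\\cbayv.dll
O20 - Winlogon Notify: LMIinit - C:\\WINDOWS\\SYSTEM32\\LMIinit.dll
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")          # "O2 - ...", "R0 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|sys|ocx)", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Split HijackThis lines into dicts of section, body and normalized path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank and 'Running processes' lines are skipped
        section, body = m.groups()
        pm = PATH_RE.search(body)
        path = pm.group(0).lower() if pm else None  # case-folded for matching
        entries.append({"section": section, "body": body, "path": path})
    return entries


def orphan_entries(entries):
    """Entries whose target file is gone: the registry key outlived the file."""
    return [e["body"] for e in entries
            if any(mk in e["body"] for mk in ORPHAN_MARKERS)]


def multi_hook_dlls(entries):
    """Paths loaded from more than one auto-start section, e.g. the same DLL
    as an O2 BHO and an O20 Winlogon Notify handler. One module hooking both
    the browser and the logon process deserves a closer look than any single
    line does on its own."""
    by_path = {}
    for e in entries:
        if e["path"]:
            by_path.setdefault(e["path"], set()).add(e["section"])
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for line in orphan_entries(ents):
        print("orphan:", line)
    for path, secs in multi_hook_dlls(ents).items():
        print("multi-hook:", path, secs)
```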


#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 27 March 2006 - 05:26 PM

Hi,

The forums are really busy, which explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 04 April 2006 - 12:29 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.