Very Strange Adware Installation


#1 solidh20



Posted 24 April 2006 - 06:49 AM

So typically I don't get any spyware/adware on my computer. I'm really careful, have an up-to-date antivirus and anti-spyware. Somehow yesterday I started getting popups a LOT though. My antivirus (Trend Micro) says that there are no viruses and no spyware. The strange thing with that though is that the spyware check finished almost immediately instead of taking a while to scan the whole drive.

I ran HijackThis and below are the results. Usually when I do get something like this on my computer it takes me about an hr or so tops to get it fixed, but I spent most of yesterday playing with it and still nothing. Something else weird, I have updates for Office 2003, but it won't let me install them now. I don't know if it's related, but just in case...

Any suggestions?


Logfile of HijackThis v1.99.1
Scan saved at 6:38:18 AM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\ir62l5jo1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
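
A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it parses the entry lines and lists the O20 Winlogon Notify DLL and any O23 service that HijackThis marks "Unknown owner". The function names and the two review rules are assumptions made for this example; a listed entry is a prompt to inspect the file, not a verdict.

```python
import re

# Constructed sample: a few entry lines copied from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\ir62l5jo1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "<section code> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O20 body: "Winlogon Notify: <key name> - <dll path>"
O20 = re.compile(r"^Winlogon Notify: (?P<name>.+) - (?P<path>[A-Za-z]:\\.+)$")
# O23 body: "Service: <display name> - <owner> - <binary path>"
O23 = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+) - (?P<path>[A-Za-z]:\\.+)$")


def parse(log):
    """Return (code, body) for every HijackThis entry line in the log text."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def review_items(log):
    """Return (code, path, reason) for entries to inspect first (example rules)."""
    items = []
    for code, body in parse(log):
        if code == "O20" and (m := O20.match(body)):
            # DLLs registered under Winlogon Notify are loaded by winlogon.exe.
            items.append((code, m["path"], "Winlogon Notify DLL: " + m["name"]))
        elif code == "O23" and (m := O23.match(body)):
            if m["owner"].strip().lower() == "unknown owner":
                items.append((code, m["path"], "service with unknown owner: " + m["name"]))
    return items


if __name__ == "__main__":
    for code, path, reason in review_items(SAMPLE_LOG):
        print(f"{code}  {path}  ({reason})")
```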



#2 solidh20


Posted 24 April 2006 - 08:59 AM

I also just noticed that whenever I clear open my hosts file the following entries are added. When I remove them and close, then re-open, the entries are back every time. sds-qckads.com status.qckads.com www.qoolaid.com www.qoologic.com www.CLKPrecision.com www.urllogic.com www.clkoptimizer.com www.isearch.com isearch.com www.idownload.com idownload.com www.mytotalsearch.com mytotalsearch.com www.lop.com lop.com www.websearch.com websearch.com www.page-not-found.net page-not-found.net www.isearchhere.com isearchhere.com as.adwave.com sr.adwave.com www.adwave.com adwave.com EVENT:HOST: www.pacimedia.com www.exactsearch.net www.contextplus.net

#3 Guest_Cretemonster_*



Posted 24 April 2006 - 05:36 PM

Hi solidh20 and Welcome to the Bleeping Computer!

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Edited by Cretemonster, 24 April 2006 - 05:36 PM.
