Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacked, Cant Get Rid Off Popups To Antispyware S/w


  • Please log in to reply
1 reply to this topic

#1 danlad79uk

danlad79uk

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 25 May 2006 - 12:49 AM

Hi there, hope someone can help please. My browser was hijacked and i kept getting timed popups lots of them directing to winantivirus2006 or something like that, also it would say i am infected with the backtera virus. I have used ad-aware and spybot search and destroy, and then bit defender anti virus. But i keep getting the popups. I ran hijackthis, and tried removing anything that looked like viruses, such as sidekick which i think is the culprit? but to no avail, can someone please have a look, thnx in advance, ive been stuck on it for days i could cry :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 06:45:57, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\WINTAS~1\Bin\SchedSrv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\WINTAS~1\Bin\SchedInd.exe
E:\Program Files\Trust\3010A WIRELESS DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\bcmwltry.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\mobsync.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [WTIndicator] C:\PROGRA~1\WINTAS~1\Bin\SchedInd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OFFICEKB] e:\Program Files\Trust\3010A WIRELESS DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCFB9C56-976D-4CF5-BFE9-90C0DCE2C7D1}: NameServer = 158.43.240.4,158.43.240.3
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINNT\system32\i024lafq1d2e.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\mlasn1.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: WTScheduler - Unknown owner - C:\PROGRA~1\WINTAS~1\Bin\SchedSrv.exe

BC AdBot (Login to Remove)

 


#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:06:50 AM

Posted 26 May 2006 - 03:47 PM

Please download Look2Me-Destroyer.exe to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Greets Jürgenv

Donation: Click me.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users