Author Topic: Pop-ups, Adware, Spyware Problems  (Read 1662 times)

Offline iceman3205

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Pop-ups, Adware, Spyware Problems
« on: November 30, 2005, 06:03:48 PM »
I'm fixing my girlfriend's laptop, it had some serious problems.  I've made all updates (she was quite behind), deleted unwanted programs, and run ad-aware several times, but she still gets several pop-ups and when searching on yahoo the first 4 sites are ads.  Here's the HijackThis log, if anyone can help.  Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:54:44 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\msoert2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\198_150_ni_2.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tiff\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [4wS9wWq70] C:\documents and settings\tiff\local settings\temp\4wS9wWq70.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [yvTg.exe] c:\windows\system32\yvTg.exe
O4 - HKLM\..\Run: [M60ZA] C:\windows\system32\M60ZA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cabinet] C:\WINDOWS\System32\cabinet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [197_150_ni_4] C:\WINDOWS\System32\197_150_ni_4.exe
O4 - HKCU\..\Run: [198_150_ni_2] C:\WINDOWS\System32\198_150_ni_2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121998212653
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: msoert2 - Unknown owner - C:\WINDOWS\system32\msoert2.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Pop-ups, Adware, Spyware Problems
« Reply #1 on: November 30, 2005, 07:45:51 PM »
I would like to see another log before we try any fixes
Could you create a folder for hijackthis please
Right click an empty spot on the desktop, left click
NEW>>>Folder
Name the new folder HJT

Now right click and CUT and PASTE
Hijackthis.exe on the desktop to that new folder
Now we have a folder for hijackthis and it's backups

Could you open Hijackthis 1.99.1
Click on "Open Misc tools section"
Click on "Uninstall manager"
Click the "SAVE LIST" button
Save the list to desktop and then copy and paste the Whole contents back here

Can you also do the following
Can you go to this site
Jotti's Online Malware scan
Give this site time to load if busy

Use the browse button and navigate to these files on your hard drive
C:\WINDOWS\system32\msoert2.exe
C:\WINDOWS\System32\198_150_ni_2.exe

Right click on each separately and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scans back here please
« Last Edit: November 30, 2005, 07:52:31 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline iceman3205

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Pop-ups, Adware, Spyware Problems
« Reply #2 on: November 30, 2005, 09:03:04 PM »
Thanks for the quick reply, here is the info you requested:


Uninstall List

ABC World
Ad-Aware SE Personal
Adobe Acrobat Reader 3.01
Adobe Reader 7.0
Alt Win
ArcSoft PhotoImpression
ATI Control Panel
ATI Display Driver
Broadcom Advanced Control Suite
ComcastSUPPORT
Content Delivery Module
Context Display
DAO
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
DVDSentry
EarthLink Setup Files
Easy CD Creator 5 Basic
HijackThis 1.99.1
Image Transfer
ImageMixer for Sony
Internet Explorer Q903235
InterVideo WinDVD
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Lexmark Supplies Monitor
Lexmark Z25-Z35
LimeWire 4.9.17
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
Modem Helper
Odyssey Client
Paint Shop Pro 7
PCTEL 2304WT V.92 MDC Modem Drivers
QuickSet
QuickTime
RealOne Player
Recommended Hotfix - 421701D
RON Display
Screensavers Installer
Search Aid
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
Sony USB Driver
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player (Remove Only)
Web Browser Component Manager
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Wireless-G Notebook Adapter



File:  msoert2.exe  
Status:  INFECTED/MALWARE  
MD5  09235c23113ceaa11aa166160b0117e9  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Trojan.Downloader.AAQ  
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found Embedded.Trojan.DownLoader.3835 (probable variant)  




File:  198_150_ni_2.exe  
Status:  INFECTED/MALWARE  
MD5  c0862ea676c24075db1e421c0f4fd1ba  
Packers detected:  -
Scanner results  
AntiVir  Found Trojan/Dldr.Agent.am.3  
ArcaVir  Found Trojan.Downloader.Agent.Am  
Avast  Found Win32:Trojano-2773  
AVG Antivirus  Found Downloader.Agent.AOC  
BitDefender  Found Trojan.Downloader.Agent.AM  
ClamAV  Found nothing
Dr.Web  Found Trojan.DownLoader.5258  
F-Prot Antivirus  Found nothing
Fortinet  Found W32/Agent.AM-tr  
Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Agent.am  
NOD32  Found Win32/TrojanDownloader.Agent.AM  
Norman Virus Control  Found W32/Agent.IZM  
UNA  Found nothing
VBA32  Found Trojan.Win32.TrojanDownloader.Agent.AM

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Pop-ups, Adware, Spyware Problems
« Reply #3 on: November 30, 2005, 11:03:43 PM »
Can you do the following please

==Download and Install this small program
to help clean your temp folders, cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download and Install Spybot 1.4 from
HERE
 or HERE
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Don't run a scan yet
If you get a bad checksum error when updating
Search for updates again and try a different download location from the drop down menu

Please download PeperFix from here:
http://downloads.subratam.org/PeperFix.exe
Save it to the desktop
Don't run it yet

Please  save these instructions to a Notepad file and save it to your Desktop for reference
Or Print this out

Do another scan with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

O4 - HKLM\..\Run: [4wS9wWq70] C:\documents and settings\tiff\local settings\temp\4wS9wWq70.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [yvTg.exe] c:\windows\system32\yvTg.exe
O4 - HKLM\..\Run: [M60ZA] C:\windows\system32\M60ZA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cabinet] C:\WINDOWS\System32\cabinet.exe

O4 - HKCU\..\Run: [197_150_ni_4] C:\WINDOWS\System32\197_150_ni_4.exe
O4 - HKCU\..\Run: [198_150_ni_2] C:\WINDOWS\System32\198_150_ni_2.exe

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O23 - Service: msoert2 - Unknown owner - C:\WINDOWS\system32\msoert2.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open PeperFix.exe
Click "Find and Fix" to scan your system for the Peper trojan, and allow PeperFix to remove all infected files

Reboot your computer into Safe mode
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Select Safe mode from the Startup menu

Go to START>>RUN>>In the open field
Copy and paste, or type in exactly the following line in bold
Then hit OK

sc delete "msoert2"

Access the add/remove programs via Control Panel and remove any of the following if you can
Alt Win
Context Display
RON Display
Search Aid
Viewpoint Media Player (Remove Only)


Find and delete these  files if found
c:\windows\system32\yvTg.exe <-file
C:\windows\system32\M60ZA.exe
C:\WINDOWS\System32\197_150_ni_4.exe
C:\WINDOWS\System32\198_150_ni_2.exe
C:\WINDOWS\system32\msoert2.exe

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Open Spybot 1.4
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED

RESTART the computer back to Normal mode

Back in Windows, can you post the following
1. A fresh hijackthis log
2. The full report from Ewido

Could you also open Ad-Aware
Under Initialization Status click on DETAILS
Let me know Reference number and Internal build
« Last Edit: December 01, 2005, 01:01:42 AM by guestolo »

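A written-down version of the triage the helper did by eye in the post above, as an added example that is not part of the original thread and is neither HijackThis code nor the helper's own tooling. It parses the entry lines of the first log (excerpted from the thread), flags the ones a practitioner would tick before FIX CHECKED, then reads the follow-up log to confirm nothing flagged survived the fix and to list what is new. The rules are my assumptions, not HijackThis logic: a Run entry is suspect when it starts something from a temp folder, when the file name has the random shape of 4wS9wWq70, MtyJ62F, yvTg or M60ZA, or when a per-user (HKCU) Run key launches a bare executable out of System32 (the cabinet.exe case); an unnamed URLSearchHook with no file, an O16 record with no name or source URL, and a service with an unknown owner in System32 that is named after its own binary (msoert2) are flagged too. It reproduces only the shape-based picks on purpose; the tgcmd.exe and KernelFaultCheck lines, and the screensavers.com O16 control that the helper knew by its source rather than its shape, stay a human call. Mapping %systemroot% to C:\WINDOWS is also an assumption.

```python
"""Triage a HijackThis 1.99.1 log, then check the follow-up log for leftovers.
Added example for this thread, not HijackThis code or the helper's own method;
the rules are my written-down version of what the helper did by eye, and the
log excerpts are taken from the thread's before and after logs."""
import re

BEFORE = r"""
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [4wS9wWq70] C:\documents and settings\tiff\local settings\temp\4wS9wWq70.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe
O4 - HKLM\..\Run: [yvTg.exe] c:\windows\system32\yvTg.exe
O4 - HKLM\..\Run: [M60ZA] C:\windows\system32\M60ZA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cabinet] C:\WINDOWS\System32\cabinet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [198_150_ni_2] C:\WINDOWS\System32\198_150_ni_2.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121998212653
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: msoert2 - Unknown owner - C:\WINDOWS\system32\msoert2.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121998212653
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""
ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")          # "O4 - <body>"
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")

def parse(log):
    # every HijackThis entry line as (kind, body); headers and process lists are skipped
    return [(m["kind"], m["body"]) for line in log.splitlines()
            if (m := ENTRY.match(line.strip()))]

def run_target(cmd):
    """Program path from a Run value: the quoted part, else up to '.exe', else the first token."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.*?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def split_path(path):
    """(lower-cased folder, file stem in original case); %systemroot% is assumed to be the Windows folder."""
    folder, _, name = path.rpartition("\\")
    return folder.lower().replace("%systemroot%", r"c:\windows"), name.rsplit(".", 1)[0]

def looks_random(stem):
    """Shapes like 4wS9wWq70, MtyJ62F, yvTg, M60ZA: two or more digits mixed into letters,
    or a short vowel-less name whose case keeps flipping (SynTPLpr is too long to trip this)."""
    digits = sum(c.isdigit() for c in stem)
    letters = [c for c in stem if c.isalpha()]
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    vowel = any(c in "aeiouAEIOU" for c in stem)
    return (digits >= 2 and bool(letters)) or (not vowel and flips >= 2 and len(stem) <= 6)

def reasons(kind, body):
    """Rules an entry trips; an empty list means leave it alone."""
    hits = []
    if kind == "R3" and "(no name)" in body and body.endswith("(no file)"):
        hits.append("unnamed URLSearchHook with no file on disk")
    if kind == "O4" and (m := RUN.match(body)):
        folder, stem = split_path(run_target(m["cmd"]))
        if "temp" in folder.split("\\"):
            hits.append("autostart from a temp folder")
        if looks_random(stem):
            hits.append("random-looking file name")
        if m["hive"] == "HKCU" and folder.endswith("\\windows\\system32"):
            hits.append("per-user autostart of a bare System32 executable")
    if kind == "O16" and body.endswith(" -"):
        hits.append("ActiveX install record with no name and no source URL")
    if kind == "O23" and " - Unknown owner - " in body:
        display = body[len("Service: "):].split(" - ")[0]
        folder, stem = split_path(body.rsplit(" - ", 1)[1])
        if folder.endswith("\\windows\\system32") and display.lower() == stem.lower():
            hits.append("unowned System32 service named after its own binary")
    return hits

def triage(log):
    """Map each suspicious entry body to the rules it tripped."""
    return {body: hits for kind, body in parse(log) if (hits := reasons(kind, body))}

def leftovers(before, after):
    """Flagged entries from the first log that still appear in the second."""
    still = {body for _, body in parse(after)}
    return sorted(body for body in triage(before) if body in still)

def new_entries(before, after):
    # entries the second log has that the first did not (here: the cleanup tools themselves)
    seen = {body for _, body in parse(before)}
    return sorted(body for _, body in parse(after) if body not in seen)

if __name__ == "__main__":
    for body, why in triage(BEFORE).items():
        print(f"FIX  {body}\n     -> {'; '.join(why)}")
    print("leftovers:", leftovers(BEFORE, AFTER) or "none")
    print("new since baseline:", new_entries(BEFORE, AFTER))
```

Worth keeping in mind when reading the Jotti results earlier in the thread: msoert2.exe was named by only 2 of the 14 engines while 198_150_ni_2.exe was named by 11, yet both were removed. A low hit count on a freshly dropped downloader is normal, which is why structural signals such as an unowned service running out of System32 carry weight on their own, independent of what the scanners say.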


Offline iceman3205

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Pop-ups, Adware, Spyware Problems
« Reply #4 on: December 01, 2005, 10:54:27 AM »
Here's the requested:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:52 AM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tiff\Desktop\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121998212653
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe



---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         10:39:27 AM, 12/1/2005
 + Report-Checksum:      30B54DD

 + Scan result:

   HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
   HKLM\SOFTWARE\IEagent -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\143 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\206 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\339 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\348 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\387 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\675 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\IEagent\757 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
   HKU\S-1-5-21-1151433021-849286302-1419762223-1007\Software\Updater -> Spyware.KeenValue : Cleaned with backup
   C:\!PeperFix\Cpc5Y.exe -> Downloader.VB.em : Cleaned with backup
   C:\!PeperFix\FcrS9kOQ.exe -> Downloader.VB.em : Cleaned with backup
   C:\!PeperFix\Jximo.exe -> Downloader.VB.em : Cleaned with backup
   C:\!PeperFix\Nvr0A.exe -> Downloader.VB.em : Cleaned with backup
   C:\!PeperFix\Yvyt10.exe -> Downloader.VB.em : Cleaned with backup
   C:\Documents and Settings\Tiff\Desktop\HJT\backups\backup-20051201-092039-575.dll -> Spyware.Comet : Cleaned with backup
   C:\Documents and Settings\Tiff\xDESRQPNTFL.exe -> Downloader.Agent.am : Cleaned with backup
   C:\Documents and Settings\Tiff\xJJJSPDGVAT.exe -> Downloader.Agent.am : Cleaned with backup
   C:\Program Files\inscdm\rxctjdjfbg.exe -> Spyware.SmartPops : Cleaned with backup
   C:\Program Files\Lycos\IEagent\A_ClearSearch.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\Program Files\Lycos\IEagent\csAOLldr.exe -> Spyware.ClearSearch : Cleaned with backup
   C:\Program Files\Lycos\IEagent\CSIE.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\Program Files\Lycos\IEagent\IEagent1\IEagent1.dll -> Spyware.ClearSearch : Cleaned with backup
   C:\Program Files\Lycos\IEagent\IEagent1\IEagent1.exe -> Spyware.ClearSearch : Cleaned with backup
   C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Downloader.Small.apm : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP272\A0043443.exe -> Downloader.Agent.am : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP284\A0045818.exe -> Dropper.Small.aiv : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP285\A0046844.exe -> Dropper.Small.aiv : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP297\A0049547.exe -> Downloader.Agent.wd : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049582.dll -> Spyware.Comet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049584.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049585.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049586.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049587.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049588.exe -> Downloader.VB.em : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049630.exe -> Downloader.Agent.am : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP298\A0049634.exe -> Downloader.Small : Cleaned with backup
   C:\temporary\aun_0032.exe -> Downloader.Small.akz : Cleaned with backup
   C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADBN3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADTMI1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIB9894.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIC29667.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASID12180.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIE17070.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIF29819.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIF4502.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIFA15376.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIG21943.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIH21180.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIH7853.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASII21469.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIL18549.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASILS29399.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIM4381.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIM9740.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIS24110.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIS31590.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIT17011.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIT26116.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIW11211.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\AUTOS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\CASH2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\DATE4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\DEBT1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\DENT1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FAST1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FMND1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\HEAL5.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\HEBE3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\HERBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\HOGAR3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\INSUR4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\JOBS4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\MORT4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\MOVS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\NEWS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\OPPR3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SHOP2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SPEC1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TECH2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TMP3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TRVL6.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TVEN1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TVMX.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\UTONE2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\VENUE1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\WOMEN2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\WWW3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\svrrun.exe -> Trojan.QuickBrowser.b : Cleaned with backup
   C:\WINDOWS\SYSTEM32\dgi.exe -> Trojan.SecondThought.ak : Cleaned with backup
   C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\SYSTEM32\julie.exe -> Spyware.VB.c : Cleaned with backup
   C:\WINDOWS\SYSTEM32\rtneg3.dll -> Spyware.Beginto : Cleaned with backup
   C:\WINDOWS\SYSTEM32\test.bmp -> Trojan.Small : Cleaned with backup


::Report End



ad-aware
Reference Number : SE1R75 15.11.2005
Internal build : 87

Offline guestolo
« Reply #5 on: December 01, 2005, 07:31:15 PM »
How's everything on your end now?
Any more popups?

Among other bad guys, I haven't seen the Peper trojan around for a while.
Is McAfee kept right up to date?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline iceman3205
« Reply #6 on: December 02, 2005, 03:59:21 PM »
Computer is running better now thanks, but still getting a few pop-ups, any other ideas?

Offline guestolo
« Reply #7 on: December 02, 2005, 11:48:59 PM »
Can you let me know where the popups are coming from, please?
What are they advertising?
Any clues would be nice.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/