Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

pop ups like crazy....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

pop ups like crazy....

Unread postby level18barbarian » December 10th, 2008, 8:33 pm

hello, i have been getting pop-ups like crazy, and hearing a mouse clicky sound recently after a p2p file got dinged by my AntiVir program......it only pops up in the Internet Explorer windows, not in the Mozilla windows.

==============================================================================================
Log :pirate:
==============================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:33 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\System32\regsvr32.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: adsoftinc browser enhancer - {1DE7BE94-439A-CC01-C980-1249190F2582} - H:\WINDOWS\system32\lfxnblocspuodtpj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: adsoftinc - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\system32\nsu270.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bcmnmoblkopk] H:\WINDOWS\System32\regsvr32.exe /s "H:\WINDOWS\system32\lfxnblocspuodtpj.dll"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5984 bytes

============================================================================================
any help would be appreciated
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top
Advertisement
Register to Remove

Re: pop ups like crazy....

Unread postby Noviciate » December 11th, 2008, 8:07 pm

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 11th, 2008, 11:13 pm

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Athlon 64 Processor Driver
Avira AntiVir Premium
BioShock
Bonjour
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Collab
Contextual Platform Adsoftinc
DAOC-Charplan
EVGA Display Driver
FL Studio 8
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IL Download Manager
iTunes
Java(TM) 6 Update 7
LimeWire 4.18.8
Line 6 Uninstaller
Live 5.2.2
Microsoft .NET Framework 2.0
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
Nero Suite
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PoiZone
QuickTime
Realtek AC'97 Audio
RON Tool Adsoftinc
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Sound Blaster Extigy
Toxic Biohazard
Unreal Tournament
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows XP Service Pack 3
WinRAR archiver :profileleft:
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 12th, 2008, 4:01 pm

I see from your log that you have Limewire installed. Our policy here with regard to P2P can be found here. You will need to uninstall this as it is an infection vector and we don't need the extra work that these programs bring.

Once you've done that, do this:

Pay a visit to the Kaspersky Online Scanner 7 - I.E. is preferred for this scan.
  • Read the Information panel and then click Accept.
  • Allow the ActiveX download if necessary.
  • Both the anti-virus engine and database will need to be downloaded, which may take a little time.
  • Once this has been completed, select My Computer from the Scan section on the left hand side.
  • Put the kettle on!
  • Although it is recommended by Kaspersky that you should disable your anti-virus scanner before starting this scan, it should work OK with it still active - it does on my PC.
    Although you may find the scan speed increases if you carry out this step, I never like to disable my resident scanner while online, so I don't.
  • When the scan has completed, click View scan report at the bottom.
  • Click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save and pick a location for the file - the Desktop is always handy.
Copy and paste the report into your next reply along with a fresh HJT log, run in Normal Mode, and a description of how your PC is behaving.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 15th, 2008, 1:45 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:00 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\System32\regsvr32.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
H:\WINDOWS\explorer.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Java\jre6\bin\java.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: adsoftinc browser enhancer - {1DE7BE94-439A-CC01-C980-1249190F2582} - H:\WINDOWS\system32\lfxnblocspuodtpj.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\system32\nsu270.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bcmnmoblkopk] H:\WINDOWS\System32\regsvr32.exe /s "H:\WINDOWS\system32\lfxnblocspuodtpj.dll"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6244 bytes

======================================================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 16:21:25
Records in database: 1460860
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 335732
Threat name: 2
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 10:38:22


File name / Threat name / Threats count
iexplore.exe\lfxnblocspuodtpj.dll/iexplore.exe\lfxnblocspuodtpj.dll Infected: Trojan.Win32.Agent.asjk 2
H:\WINDOWS\system32\lfxnblocspuodtpj.dll/H:\WINDOWS\system32\lfxnblocspuodtpj.dll Infected: Trojan.Win32.Agent.asjk 3
regsvr32.exe\lfxnblocspuodtpj.dll/regsvr32.exe\lfxnblocspuodtpj.dll Infected: Trojan.Win32.Agent.asjk 1
C:\RECYCLER\S-1-5-21-823518204-651377827-725345543-1003\Dc21.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-823518204-651377827-725345543-1003\Dc45.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-823518204-651377827-725345543-1003\Dc74.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Documents and Settings\chris manley\Local Settings\Temporary Internet Files\Content.IE5\3Z1VRLGW\2[1].exe Infected: Trojan.Win32.Agent.asjk 1
H:\Documents and Settings\chris manley\Local Settings\Temporary Internet Files\Content.IE5\I36BYHUN\36[1].exe Infected: Trojan.Win32.Agent.asjk 1
H:\WINDOWS\nohh06760.exe Infected: Trojan.Win32.Agent.asjk 1
H:\WINDOWS\system32\lfxnblocspuodtpj.dll Infected: Trojan.Win32.Agent.asjk 1

The selected area was scanned.


yikes!!!
:blackeye: :blackeye:
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 15th, 2008, 3:38 pm

Download Malwarebytes' Anti-Malware from here and save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh HJT log (run in Normal Mode) AND a description of how your PC is behaving.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 16th, 2008, 10:34 am

:cheers:

Malwarebytes' Anti-Malware 1.31
Database version: 1505
Windows 5.1.2600 Service Pack 3

12/16/2008 6:01:35 AM
mbam-log-2008-12-16 (06-01-35).txt

Scan type: Full Scan (D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 117854
Time elapsed: 38 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1de7be94-439a-cc01-c980-1249190f2582} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1de7be94-439a-cc01-c980-1249190f2582} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a827e29e-c025-a5b8-6027-523a4456fc88} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a827e29e-c025-a5b8-6027-523a4456fc88} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcmnmoblkopk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
H:\WINDOWS\system32\lfxnblocspuodtpj.dll (Trojan.Agent) -> Delete on reboot.
H:\WINDOWS\system32\nsu270.dll (Adware.BHO) -> Quarantined and deleted successfully.

========================================================================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:02 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5735 bytes

========================================================================================================================================================================================

seems good 2 go, ran the scan overnite, removed checked this morning, took a shower as the box rebooted....came back clean.......no pop ups, yesterday i would have haxe 5 or 6 just while typing this reply. thanks alot

:cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers: :cheers:
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 16th, 2008, 3:40 pm

OK, i'd like you to run the PC for a day or two and give it a good workout. Then post one last HJT log and let me know if everything is still running smoothly.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 19th, 2008, 1:37 pm

my internet has been down for a few days now, so obviously no pop ups.....gonna give it i look wen i get home this weekend...
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 20th, 2008, 8:28 pm

kk, back online.......heres the log, and i still get pop ups but alot less.
==============================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:22 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\WINDOWS\system32\dllhost.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5752 bytes
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 21st, 2008, 12:14 pm

Given that you reported that you didn't have pop-ups after running MBAM, are these the same ones that you had before, or are they different? What can you tell me about them - do they point to a certain site or reference something in particular?
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 22nd, 2008, 11:01 am

they dont seem to point to anything particular......
they either say:

Contextual Ads By Adsoftinc....
or RON....................................
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 22nd, 2008, 3:41 pm

Given that you reported that you didn't have pop-ups after running MBAM, are these the same ones that you had before, or are they different?

This may be important.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top

Re: pop ups like crazy....

Unread postby level18barbarian » December 22nd, 2008, 5:47 pm

the same, they always say by Adsoftinc.....or RON somthing somthing somthing....
but i get alot less its wierd.....i'll run it for awhile online and see what happens
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Top

Re: pop ups like crazy....

Unread postby Noviciate » December 22nd, 2008, 5:59 pm

Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

Double click gmer.exe to begin:
  • If you get a message about "system modification", click Yes and work through the rest of the instructions.
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them separately.
The Preview option may show the whole logs being posted, but they sometimes get cut down when the actual post is made, so check the post once it is completed.
User avatar
Noviciate
MRU Master
MRU Master
 
Posts: 6283
Joined: May 25th, 2005, 4:41 pm
Location: Numpty HQ
Top
Advertisement
Register to Remove
Next
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 440 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index