PDA

View Full Version : Hijacked and Spybot not helping



velfaires
2006-02-20, 15:18
I've been frantically searching for hours for a solution and I can't come up with any. I've tried spybot, ad-aware, norton... no one seems to be getting rid of my popup problem. I downloaded what was supposed to be a pdf file earlier, it opened and unleashed a flurry of advertising junk on my cpu. I got rid of most of it but it appears (from what I've read of the urls) that the problem has to deal with 7adpower popup hijackings. Please help. I can't work like this and I'm being served ads every 10 seconds ! ! !

It's directing me to these websites :


ecommerc-e.com
www.mediapurchases.com/
www.realcoupon-s.com/
popunder.paypopup.com
zestyfind.com
browserbuy-out.com
uniqueoffer-s.com
bigdiscountbuy.com
onlineshopp-ing.com
health-yshopping.com
1dealiotoday.com
onlineshopp-ing.com
inter-netsuggestions.com
intern-etadvertising.com
hug-ediscounts.com
z404.com
realcoupon-s.com


What's even worse is there are pay-for spyware removal programs that claim to defeat this problem, popping up in my browsers ! ! !

I tried placing these sites in my HOST file and also adding them to my "block content" list under IE / TOOLS / CONTENT to no avail !

They still keep popping up ! ! !

velfaires
2006-02-20, 15:21
No hjt logs in this forum.
http://forums.spybot.info/showthread.php?t=1266

velfaires
2006-02-20, 15:22
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
AFD ネットワーク サポート環境: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
標準 IDE/ESDI ハード ディスク コントローラ: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINNT\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
atitray: \??\C:\Program Files\ATI Technologies\Radeon Omega Drivers\v2.6.53\ATI Tray Tools\atitray.sys (system)
ATM ARP クライアント プロトコル: System32\DRIVERS\atmarpc.sys (manual start)
オーディオ スタブ ドライバ: System32\DRIVERS\audstub.sys (manual start)
B's Recorder GOLD Service: C:\Program Files\B's Recorder GOLD8\bgsvc.exe (autostart)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM ドライバ: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
cmosa: System32\DRIVERS\cmosa.sys (system)
Creative Service for CDROM Access: C:\WINNT\System32\CTsvcCDA.EXE (autostart)
Game Port for Creative SB Live!: System32\DRIVERS\ctljystk.sys (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
ディスク ドライバ: System32\DRIVERS\disk.sys (system)
CNet PRO200WL PCI Fast Ethernet NT Driver : System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
論理ディスク マネージャ ドライバ: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Creative SB Live! Value (WDM): system32\drivers\emu10k1f.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlface.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
FAX Service: %systemroot%\system32\faxsvc.exe (manual start)
フロッピー ディスク コントローラ ドライバ: System32\DRIVERS\fdc.sys (manual start)
フロッピー ディスク ドライバ: System32\DRIVERS\flpydisk.sys (manual start)
FsVga: System32\DRIVERS\fsvga.sys (system)
ボリューム マネージャ ドライバ: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
i8042 キーボードおよび PS/2 マウス ポート ドライバ: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPSEC ドライバ: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA バス ドライバ: System32\DRIVERS\isapnp.sys (system)
キーボード クラス ドライバ: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual

start)
Messenger: %SystemRoot%\System32\services.exe (autostart)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
マウス クラス ドライバ: System32\DRIVERS\mouclass.sys (system)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink コンバータ: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Ndcbiotfi: C:\WINNT\system32\drivers\DMusic.sys (disabled)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O プロトコル: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS インターフェイス: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
パラレル クラス ドライバ: System32\DRIVERS\parallel.sys (manual start)
パラレル ポート ドライバ: System32\DRIVERS\parport.sys (system)
PCI バス ドライバ: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
PfModNT: \??\C:\WINNT\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Probe: system32\DRIVERS\probe.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
デジタル CD オーディオ再生フィルタ ドライバ: System32\DRIVERS\redbook.sys (system)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
SecDrv: \??\C:\WINNT\system32\drivers\SECDRV.SYS (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
シリアル ポート ドライバ: System32\DRIVERS\serial.sys (system)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfman.sys (manual start)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Print Spooler: C:\WINNT\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSHDRV76: \??\C:\WINNT\system32\drivers\SSHDRV76.sys (system)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
SVKP: \??\C:\WINNT\System32\SVKP.sys (autostart)
ソフトウェア バス ドライバ: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (disabled)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP プロトコル ドライバ: System32\DRIVERS\tcpip.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: system32\DRIVERS\usbhub20.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB スキャナ ドライバ: System32\DRIVERS\usbscan.sys (manual start)
USB 大容量記憶装置ドライバ: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINNT\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
Windows Socket 2.0 非 IFS サービス プロバイダ サポート環境: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 27,387 bytes
Report generated in 0.219 seconds

velfaires
2006-02-20, 15:23
What I've noticed is that rundll32.exe is running in my processes when it wasn't doing so a few days ago. It's suddenly hogging up resources but I can't seem to pinpoint where it's being hijacked from.


Please, please, please help ! ! ! :confused:

md usa spybot fan
2006-02-20, 15:46
I suggest posting in the Malware Removal forum. That is the forum on this site were where people familiar with malware removal assist people having problems like yours. Follow the instructions here:
BEFORE you post a log, and who will advise you.
http://forums.spybot.info/showthread.php?t=288
Then post in the following forum:
Malware Removal
http://forums.spybot.info/forumdisplay.php?f=22