Many adware problems... please help.



dclar1
2006-06-21, 08:26
hi. i recently had a HORRIBLE adware infection, of which i was able to get rid of most of it. i have remnants laying around of the adware (or worse) programs, and i cannot for the life of me seem to get rid of them. please help me out. i will post here what steps i have taken and what i get when i run programs now.

i ran Adaware and got this:
-ABetterInternet.Nail
-vVindows (? i'm not sure of the spelling here, but i think the beginning is two v's)


i ran Spybot and got this:
-Command Service


i ran TrojanHunter4 and got this:
-Adware.AdServe.100


and i ran Hijackthis and this is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 1:19:26 AM, on 6/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\dfkoe.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,naqronp.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe





The infection, at first, was very very bad and i was able to get rid of most of it through these programs, however these problems i have listed are not fixed by the programs when they are run. please help if you know how to fix these problems, either by responding here or emailing me at

Removed. All help is provided in the forum.
Please see:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)


thanks in advance. -dan.

teacup61
2006-06-25, 12:41
Hello dclar1,

Welcome to Safer Networking Forums :) Very sorry for the delay.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop. (Right-click on this link and choose "Save As"; if using IE, "Save Target As".)
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Download qoofix.bat (http://downloads.subratam.org/Lon/qooFix.bat) (Right-click on this link and choose "Save As"; if using IE, "Save Target As".)
Place qoofix.bat in your C:\BFU folder. (Important!)
Double-click qooFix.bat. Close all browsers and Explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
After the PC has restarted please post another hijackthis log.


Your log shows that you have disabled some startup programs using MSConfig.
This is not recommended because I cannot clearly see everything that is loading on your computer at startup.
To enable all startup items quickly please follow these instructions:

Start | Run | type msconfig | OK
If not already selected go to the General tab.
Under Startup Selection select "Normal Startup - load all device drivers and services".
Click Apply and then Close.
When given the option, please choose to restart the computer.
Post a new log when you are done.


Thanks,
tea
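
A triage sketch for the kind of log posted above, added here as an example; it is not part of any post in this thread and is not HijackThis's own code. It flags the F2 lines where a program is appended after the Windows default in `Shell=` or `UserInit=`, the O4 `[MSConfig] ... /auto` Run entry that MSConfig leaves while selective startup is active, and entries marked `(file missing)`. The function names are hypothetical and the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\dfkoe.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,naqronp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Windows XP defaults for the two Winlogon values HijackThis reports as F2.
DEFAULTS = {"shell": {"explorer.exe"},
            "userinit": {r"c:\windows\system32\userinit.exe"}}

def extra_winlogon_programs(body):
    """Return programs appended to Shell=/UserInit= beyond the Windows default."""
    m = re.search(r"(Shell|UserInit)=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    key, value = m.group(1).lower(), m.group(2)
    items = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in items if p.lower() not in DEFAULTS[key]]

def triage(log_text):
    """Return (code, reason, detail) for entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            for prog in extra_winlogon_programs(body):
                findings.append((code, "extra program in Winlogon value", prog))
        elif code == "O4" and "[msconfig]" in body.lower() and "/auto" in body.lower():
            findings.append((code, "MSConfig selective startup active", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "registry entry points to missing file", body))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A flagged line is a prompt for review, not a verdict; the listed files still need to be identified before anything is removed.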

tashi
2006-07-02, 23:47
This topic is closed due to lack of a response.
If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.

Thank you tea. :)