Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please help in getting rid of popups for DriveCleaner, WinAntiVirusPro

Started by ahr2003 , Aug 10 2006 04:48 PM

  • Please log in to reply
1 reply to this topic

#1 ahr2003

ahr2003

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 10 August 2006 - 04:48 PM

Please help in getting rid of popups for DriveCleaner, WinAntiVirusPro, etc.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:36:24 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\OfficeScan NT\NTRtScan.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
C:\OfficeScan NT\TmListen.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\KHBCEB.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Hummingbird\DM Extensions\papihost.exe
C:\OfficeScan NT\pccntmon.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Prism Deploy\Client\PTClient.exe
C:\Program Files\Apoint\Apntex.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\DOCUME~1\ARAUBV~1\MYDOCU~1\MCROSO~1.NET\ati2evxx.exe
C:\WINDOWS\system32\F?nts\t?skmgr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\eRoom 7\ERClient7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hummingbird\DM Extensions\DM.exe
C:\Program Files\Hummingbird\DM Extensions\Interceptor.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Documents and Settings\araubvogel\My Documents\Temp\HijackThis.exe
C:\Program Files\Hummingbird\DM Extensions\pwdsinst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.c...VbriNGowAkXYLbQ
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://efenwick.fen.../eRoom/eFenwick
R3 - URLSearchHook: (no name) - {FD5E8E09-10CC-346F-ECD9-108481921FC2} - C:\WINDOWS\system32\xlzaiwoo.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42fc1a83-be9f-4aee-b737-2c90f0fae0b9} - C:\WINDOWS\system32\docime.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEBrowserHelperObject Class - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} - C:\WINDOWS\system32\SSIBrowserHook4.dll
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FD5E8E09-10CC-346F-ECD9-108481921FC2} - C:\WINDOWS\system32\xlzaiwoo.dll (file missing)
O3 - Toolbar: (no name) - {4647E382-520B-11D2-A0D0-004033D0645D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: LexLink IE ToolBar - {CBAA6F21-985C-11D4-A02B-00B0D073E889} - C:\Program Files\LexisNexis\CheckCite\llieobj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PowerDOCSAPIHost] "C:\Program Files\Hummingbird\DM Extensions\papihost.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Prism Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [USPTO Direct Recovery] "C:\Program Files\USPTO\etdirrcv.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Sera] "C:\DOCUME~1\ARAUBV~1\MYDOCU~1\MCROSO~1.NET\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Kqxc] C:\WINDOWS\system32\F?nts\t?skmgr.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\PTPNDFLS\PTPNDFLS.EXE
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://extranet.fenwick.com
O15 - Trusted Zone: fwintranet.fenwick.com
O15 - Trusted Zone: portal.fenwick.com
O15 - Trusted Zone: http://*.fwintranet
O15 - Trusted Zone: www.lexis.com
O15 - Trusted Zone: http://*.svcdatamagic
O15 - Trusted Zone: www.westlaw.com
O15 - Trusted Zone: http://extranet.fenwick.com (HKLM)
O15 - Trusted Zone: fwintranet.fenwick.com (HKLM)
O15 - Trusted Zone: portal.fenwick.com (HKLM)
O15 - Trusted Zone: http://*.fwintranet (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://efenwick.fen...etup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = firm.fenwick.llp
O17 - HKLM\Software\..\Telephony: DomainName = firm.fenwick.llp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = firm.fenwick.llp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = firm.fenwick.llp
O20 - AppInit_DLLs: C:\WINDOWS\system32\csrss.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Channel Deployer - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SSI Client Installer - Scalable Software, Inc. - C:\WINDOWS\system32\SCInstallerNT.exe
O23 - Service: SSI Survey Client - Scalable Software, Inc. - C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\TmListen.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Advertisements

Register to Remove

#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 11 August 2006 - 10:52 AM

Hello ahr2003 and Welcome to TomCoyote,

STEP 1.
======
Microsoft malicious Software Removal Tool.

Microsoft malicious Software Removal Tool.

Please follow these Instructions for downloading and running the Microsoft malicious Software Removal Tool.

Send me the results in your next reply. If any items are found, please be sure to send the log or to tell me the specific infection names.

STEP 2.
======
SpySweeper
Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

If you are taken to the internet page, just close the page.

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.


STEP 3.
======
The Ewido program’s detection rate is excellent. After the Trial has expired, the auto updates and real time protection stop but you can still update it manually and run scans anytime you want.

First download ewido anti-spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition
    files.
  • On the main screen select the icon "Update" then select the "
    Update now    " link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the
    results of the ewido report scan.
Empty Recycle Bin
Reboot

Please move hijackthis.exe to a permanent folder like C:\HJT\ prior to doing another hijackthis scan.

Please post the results from the Microsoft Malicious Tool Remover, SpySweeper, ewido and a new hijackthis log.

Edited by Susan528, 11 August 2006 - 10:54 AM.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·