Print Page - New here, check my log please ! Spyware Popups.

Title: New here, check my log please ! Spyware Popups.
Post by: xdannix on May 13, 2006, 07:19:04 AM

Ive been getting these really annoying popups every 1-5mins on both IE and FF. I havnt installed anything for these popups to keep coming up unless something has invaded my comp. None of my antivirus or spyware scanners will remove it.
Running
Win XP Pro, Service Pack 1, Spybot S&D, Ewido, Mcafee Virus Scan, CClceaner, Security Task Manager, Registry mechanic, Noadware,
ive included a screen shot.
http://i2.photobucket.com/albums/y30/xDannix/My%20Stuff/untitled.jpg

thanks :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 5:27:20 PM, on 5/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Danni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CCleane.lnk = C:\Program Files\CCleaner\ccleaner.exe
O4 - Global Startup: Zone Labs Security.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\q6nulg5916.dll
O23 - Service: Windows Device Synchronization Agent (DeviceSynchronization) - Unknown owner - C:\WINDOWS\devices\services.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Title: Re: New here, check my log please ! Spyware Popups.
Post by: SpyDie on May 13, 2006, 09:02:39 AM

Hi there,

Was that the full log?

Could you please give this a try?

Please download Look2Me-Destroyer.exe to your desktop.

http://www.atribune.org/ccount/click.php?id=7

Follow these steps;

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new fresh HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Title: Additional Info
Post by: SpiritWind on May 13, 2006, 03:50:09 PM

:thumbsup: This is a "referral" of mine from the Annoyances.org Forums ; on that
forum the additional info was posted :

"Ive also found these files which I cant get rid of either. Guard.tmp, Adware.Look2Me, Adware.ISTBAR, thanks "

LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: xdannix on May 13, 2006, 07:19:04 AM