944,061 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > got rid of about:blank and freshbar but am still having popup problems
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Feb 7th, 2005
0

got rid of about:blank and freshbar but am still having popup problems

Expand Post »
hello can i pls get some help

i got rid of about:blank and freshbar but am still having popup problems but am still having trouble, i am occasionally still getting freshbar in 1 of my spyware scans and keep fixing it, and about:blank is gone totally (i think) but some1 pls help me wif these pop ups

heres a hijack this log :

Logfile of HijackThis v1.99.0
Scan saved at 7:04:16 PM, on 7/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\other\Norton AntiVirus\navapsvc.exe
D:\other\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\other\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Other\Winamp\winampa.exe
D:\Other\dameon tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\other\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\smbdins.exe
C:\WINDOWS\System32\sethcd.exe
C:\WINDOWS\System32\tsmsetup.exe
D:\Other\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Other\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Other\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Other\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\other\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\other\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Other\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Other\dameon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SysMetrix] D:\Other\SysMetrix.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] D:\Games\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\other\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Other\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Work\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Other\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Work\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9AAD89-9E4A-4065-B3AF-509618585F40}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: tœ†5�òEÆR - {FF011447-9C67-4797-B1D6-9330F1DCDCA2} - C:\WINDOWS\System32\qwsxp.dll
O18 - Filter: tœ†5�ò¸EÆR - {960C22D2-2F6D-4160-BBDD-0BC6A7D9651A} - (no file)
O18 - Filter: tœ†5�ò�TÆR - {AE67AC51-59E5-4F3B-AD0D-B8DE16822566} - C:\WINDOWS\System32\qwsxp.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - D:\other\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - D:\other\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\other\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ur help is much appreciated thnx
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005
Permalink
Feb 7th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

oh and i also have the system32 file called snmpapi.dll if it helps
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

snmpapi.dll is a system file (http://www.liutilities.com/products/...brary/snmpapi/)

Go here:

http://forums.skads.org/index.php?showtopic=80

Get the file that is attached in post #3 (remv3.zip)

Unzip the remv3.zip files to a permanent folder and run it in SAFE MODE ONLY.

Then, after rebooting, post the results from c:\log.txt.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

thnx for helping me dude!! heres the log:

Files Found.................
----------------------------------------

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------


Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
msi.dll
Finished
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

Do a search for msi.dll and give us all the locations found, there should be at least one, but there may be more.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

just 1 in system32, and its 2000 kb
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

Hmmm, you shouldn't have anything related to Freshbar then, so I don't know why it's showing up in your scans; what are you scaning with and where does it say it's located?
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

well ive stopped running ie so i dont know if the tool bar has come back but im using spyware doctor which finds the files of freshbar in my favourites list and in system 32 as balloon.avi and the program deletes them, but even when they r deleted i am still getting those popups of strip poker, heaps of other porno popup and messages from windows talking about spyware and firewalls n crap...

and ... i used adware away to get rid of about:blank
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

You need to reboot then rescan with hijackthis and post that log back here.
Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
Permalink
Feb 8th, 2005
0

Re: got rid of about:blank and freshbar but am still having popup problems

k ill do it tomorrow
Reputation Points: 10
Solved Threads: 0
Newbie Poster
inZy is offline Offline
6 posts
since Feb 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Re: Hijack log-WMP Internal application error ha occured
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: HiJackThis and Panda titanium problem





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC