got rid of about:blank and freshbar but am still having popup problems

Question

inZy 0 Newbie Poster

19 Years Ago

hello can i pls get some help

i got rid of about:blank and freshbar but am still having popup problems but am still having trouble, i am occasionally still getting freshbar in 1 of my spyware scans and keep fixing it, and about:blank is gone totally (i think) but some1 pls help me wif these pop ups

heres a hijack this log :

Logfile of HijackThis v1.99.0
Scan saved at 7:04:16 PM, on 7/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\other\Norton AntiVirus\navapsvc.exe
D:\other\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\other\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Other\Winamp\winampa.exe
D:\Other\dameon tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\other\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\smbdins.exe
C:\WINDOWS\System32\sethcd.exe
C:\WINDOWS\System32\tsmsetup.exe
D:\Other\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Other\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Other\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Other\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\other\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\other\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Other\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Other\dameon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SysMetrix] D:\Other\SysMetrix.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] D:\Games\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\other\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Other\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Work\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Other\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Work\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9AAD89-9E4A-4065-B3AF-509618585F40}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: tœ†5òEÆR - {FF011447-9C67-4797-B1D6-9330F1DCDCA2} - C:\WINDOWS\System32\qwsxp.dll
O18 - Filter: tœ†5ò¸EÆR - {960C22D2-2F6D-4160-BBDD-0BC6A7D9651A} - (no file)
O18 - Filter: tœ†5òTÆR - {AE67AC51-59E5-4F3B-AD0D-B8DE16822566} - C:\WINDOWS\System32\qwsxp.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - D:\other\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - D:\other\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\other\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ur help is much appreciated thnx

windows-virus

3 Contributors
10 Replies
117 Views
1 Day Discussion Span
Latest Post 19 Years Ago Latest Post by crunchie

All 10 Replies

dlh6213 27 Posting Maven

19 Years Ago

snmpapi.dll is a system file (http://www.liutilities.com/products/wintaskspro/dlllibrary/snmpapi/)

Go here:

http://forums.skads.org/index.php?showtopic=80

Get the file that is attached in post #3 (remv3.zip)

Unzip the remv3.zip files to a permanent folder and run it in SAFE MODE ONLY.

Then, after rebooting, post the results from c:\log.txt.

dlh6213 27 Posting Maven

19 Years Ago

Do a search for msi.dll and give us all the locations found, there should be at least one, but there may be more.

dlh6213 27 Posting Maven

19 Years Ago

Hmmm, you shouldn't have anything related to Freshbar then, so I don't know why it's showing up in your scans; what are you scaning with and where does it say it's located?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

inZy 0 Newbie Poster · Answer 1 · 2005-02-07T15:32:12+00:00

oh and i also have the system32 file called snmpapi.dll if it helps

inZy 0 Newbie Poster · Answer 2 · 2005-02-08T16:31:05+00:00

thnx for helping me dude!! heres the log:

Files Found.................
----------------------------------------

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------

Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
msi.dll
Finished

inZy 0 Newbie Poster · Answer 3 · 2005-02-08T16:48:32+00:00

inZy 0 Newbie Poster

19 Years Ago

just 1 in system32, and its 2000 kb :S

inZy 0 Newbie Poster · Answer 4 · 2005-02-08T17:02:16+00:00

well ive stopped running ie so i dont know if the tool bar has come back but im using spyware doctor which finds the files of freshbar in my favourites list and in system 32 as balloon.avi and the program deletes them, but even when they r deleted i am still getting those popups of strip poker, heaps of other porno popup and messages from windows talking about spyware and firewalls n crap...

and ... i used adware away to get rid of about:blank

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2005-02-08T17:44:05+00:00

You need to reboot then rescan with hijackthis and post that log back here.
Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

inZy 0 Newbie Poster · Answer 6 · 2005-02-08T18:06:48+00:00

inZy 0 Newbie Poster

19 Years Ago

k ill do it tomorrow

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 7 · 2005-02-08T18:20:46+00:00

crunchie 990 Most Valuable Poster

19 Years Ago

Yep. Me going to bed now anyway :cheesy:

got rid of about:blank and freshbar but am still having popup problems

Recommended Answers Collapse Answers

All 10 Replies

Recommended Answers