
hopeless

Discussion in 'Virus & Other Malware Removal' started by lisafew, Jan 24, 2005.

Thread Status:
Not open for further replies.
  1. lisafew

    lisafew Thread Starter

    Joined:
    Jan 20, 2005
    Messages:
    4
    Can't get rid of popup ads, they are everywhere!! Can someone help me? I have already run shredder, Ad-Aware, Spybot, HijackThis, and deleted a few files in safe mode. Is there anything else I should do? This is my hijack log after I did the above clean up actions.



    Logfile of HijackThis v1.99.0
    Scan saved at 3:56:47 PM, on 01/20/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\vivoru.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\Program Files\UPSMON\Upsmon.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\UPSMON\UPSData.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINNT\system32\rundll32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oemji.com/side_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [PrvDef3.0] C:\Program Files\PrvDef3.0\PrvDef3.0.exe
    O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
    O4 - Startup: Upsmon.lnk = C:\Program Files\UPSMON\Upsmon.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O10 - Unknown file in Winsock LSP: c:\program files\oemji\oemjisearchplus\sfbnsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...738&clcid=0x409
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spys...tterInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HEALTH
    O17 - HKLM\System\CCS\Services\Tcpip\..\{06677BA1-501C-4709-8BF7-A7771218A499}: NameServer = 192.168.0.200
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HEALTH
    O17 - HKLM\System\CS1\Services\Tcpip\..\{06677BA1-501C-4709-8BF7-A7771218A499}: NameServer = 192.168.0.200
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HEALTH
    O17 - HKLM\System\CS2\Services\Tcpip\..\{06677BA1-501C-4709-8BF7-A7771218A499}: NameServer = 192.168.0.200
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  2. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,245
    Step 1:

    Click here: http://www.atribune.org/downloads/l2mfix.exe to download L2mfix.

    Save the file to your desktop and double click l2mfix.exe. Read and Accept the agreement. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
     

Short URL to this thread: https://techguy.org/322889
