Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

GAH.. popups keep POPPING UP! [CLOSED]


  • This topic is locked This topic is locked

#1
yikes_help

yikes_help

    New Member

  • Member
  • Pip
  • 1 posts
Here's my HiJack This Log::

Logfile of HijackThis v1.99.1
Scan saved at 3:49:18 PM, on 6/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rddn.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\Program Files\ABC\abc.exe
C:\zip\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\eliteyuk32.exe
O4 - HKLM\..\Run: [swdweo] c:\windows\system32\uexhch.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


AND ALSO when i start WINDOWs... an "error" window pops up saying it can't find Nail.exe and i know its some sort of virus, so i dont know how to rid it either..

pop ups such as: vgscript registry cleaner keeps coming up, sometimes things from BetterInternet

Edited by yikes_help, 15 June 2005 - 05:16 PM.

  • 0

Advertisements


#2
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.

* Download LQfix.zip
Unzip it and save it to your desktop, don't use it yet!!

* Please set your system to show all files; please see here if you're unsure how to do this.

To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\eliteyuk32.exe
O4 - HKLM\..\Run: [swdweo] c:\windows\system32\uexhch.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe


* Click on Fix Checked when finished and exit HijackThis.

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, this is normal. !! Don't forget this step !!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\winupdt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rddn.exe
C:\Program Files\Common files\updater\wupdater.exe
c:\windows\system32\uexhch.exe
C:\WINDOWS\wupdt.exe

* Still in safe mode Run Ccleaner and click Run Cleaner (bottom right)

* Reboot your system back to normal mode.

Post back a fresh HijackThis log and I'll take another look.

By the way, do you know this: ?
C:\Program Files\ABC\abc.exe
Is that a bittorrent Client?
  • 0

#3
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP