Ad-aware Can't Clean..



Hi. I have an infected computer. I scanned with the new Ad-Aware but it's not helping. I still get pop-up ads. So I ran Hijack This. And here is my log file.

====================================================

Logfile of HijackThis v1.99.1

Scan saved at 6:00:53 PM, on 6/5/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\System32\Promon.exe

C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\Program Files\Media Pass\MediaPass.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program Files\Media Pass\MediaPassK.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\mysingtel\singdial.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\wuauclt.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.mysingtel.com.sg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystarhub.com.sg

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by StarHub

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zapsurf.com.sg:8080

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\Run: [Micr Update] soundblaster.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekyk32.exe

O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Micr Update] soundblaster.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Helpdesk - {1CE51C30-AF5F-4BEC-8CA2-38A3DA51BA18} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.mystarhub.com.sg

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1057_XP.cab

O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/Dial...054_pack_XP.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093563065328

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/3 rdPartyContent/faustlogic/metabots/wtinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -http://sc.groups.msn.com/controls/PhotoUC/ MsnPUpld.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...my/yiebio5_0_2_7.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4EBDD631-5A5C-4124-A9AE-73818AE19820}: NameServer = 203.124.0.226 203.124.1.226

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

====================================================

Thanks in advance guys...

Edited by dknoppix

Hijack writers have bypassed the normal cleaning process. Adaware wasn't designed to clean a hijack.

Where have you been? This is general knowledge.

You need a specialised cleaner.

So wait until someone reads your hijack log, but don't touch anything yourself.

This board has plenty of hijack readers.

Removed info that could cause damage.

marty

Edited by Besttechie

Wait....what did I do wrong here? I thought the standard procedure is scan with Ad-aware with the latest update. Remove whatever malware Ad-aware could remove. And if the problem persists, scan using HijackThis and post the log file here, right?


Hi Chupzy,

:ph34r: I'm not qualified to advise here, but I think I can clarify this one. First of all, you did nothing wrong!! Bozodog suggested running Spybot and Housecall in addition to Adaware. The rule is one virus scanner, one firewall, but multiple Spyware Cleaners, as each Cleaner detects different things. Adaware is great (my favorite, easy to use!) but doesn't catch everything. The other Cleaners will get rid of what Adaware doesn't detect. If you can get rid of as much "junk" as you can using the Cleaners that Bozodog suggested, and run and post a new hijack log afterwards, it will be less to clean up later. Hope that helps. Backs out slowly.... :ph34r:

Liz


Howdy, wrong information removed, but I'm no expert (still in training), so wait for an expert to tell you how & with which program to remove your problems!!! Do nothing till an expert advises you!!!!!!!!

Edited by dknoppix

Nortons is fine, but please try the on-line scan of Housecall... it really is a better "catcher" of lots of malware. It's free and just an on-line scan, you don't have to download anything...
