Ad-ware is still here

A

Armand

Joined
Sep 21, 2006
Messages
4
Reaction score
0
Dear people from PC-Review,

I have a problem with popups popping up here and there. I managed to reduce it from 6 popups every 5 minutes, to a lot less but still it seems to do so once in a while.

I have tried a lot of scanners yesterday, (Hitmanpro 2) and as you know that program has a whole scala of scanners built in.

Anyway, I decided to post my Hijackthis log on the forum. it's not a long one so you won't have a lot of work from it I think.

Thank you for your time.

Armand

Logfile of HijackThis v1.99.1
Scan saved at 8:55:08, on 21-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Documents and Settings\Eigenaar\Bureaublad\Eset\nod32krn.exe
C:\Documents and Settings\Eigenaar\Bureaublad\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\Eigenaar\BUREAU~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fdusd.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Eigenaar\Bureaublad\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Documents and Settings\Eigenaar\Bureaublad\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Documents and Settings\Eigenaar\Bureaublad\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows DLL System - Unknown owner - C:\WINDOWS\system32\smsc.exe (file missing)



Good luck !!
 
I strongly advise using a 'proper' firewall other than Windows's own.

I also recommend you DO NOT use two AV programs at the same time, NOD32 is better than AVG ... same goes for two anti-malware that use realtime scans such as Ewido & Spysweeper.

I can only see two items that need fixing, they are ...
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fdusd.dll (file missing)
O23 - Service: Windows DLL System - Unknown owner - C:\WINDOWS\system32\smsc.exe (file missing)

good luck
 
Thanks

should I just tick them off at Hijackthis ? so that they get "killed" or do you mean something else.

Thanks for the responce
 
Armand said:
should I just tick them off at Hijackthis ? so that they get "killed" or do you mean something else.

Thanks for the responce
Click to expand...
Yep ... Place a checkmark in the box in front of each item you plan to remove.

;)
 
Cool

Allright, I should be fine now then.

Here is the new Hijack this log. Is it clean ? or what 8)

Logfile of HijackThis v1.99.1
Scan saved at 11:43:28, on 21-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Documents and Settings\Eigenaar\Bureaublad\Eset\nod32krn.exe
C:\Documents and Settings\Eigenaar\Bureaublad\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Eigenaar\BUREAU~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\Eigenaar\BUREAU~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Eigenaar\Bureaublad\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Documents and Settings\Eigenaar\Bureaublad\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Documents and Settings\Eigenaar\Bureaublad\Webroot\Spy Sweeper\WRSSSDK.exe


Thanks a lot for your fast reply and accurate help!

Keep the good things up =)
 
I have tried a lot of scanners yesterday, (Hitmanpro 2) and as you know that program has a whole scala of scanners built in.
Click to expand...
ah, missed that when I first read your post ... I was only interested in your Log file.

It is why I see two programs in your HJT log that will fight one another and should not be used at the same time ... this Hitman Pro is a crock of sh1t and can severely damage your PC ... nice idea, shame about the way it does things, not to mention I think it brakes several Licences of the software it uses.

My advice is, if you can, uninstall it and get the full programs needed to do a proper job. :thumb:



user.gif
 
Your HJT log is clean ... it was very clean to start with ... I have no real idea if the was an 'advert' for a crap program or you are that green and need help ... but then, I'm not know as twinkle-toes around here.

Good Luck!


;)
 
The Best = u

I'll light the candle for you and shed light on the matter ;)

I work at a IT company and for some reason this computer had nothing on it..except windows and a ****load of spam...and I am an Apprentice so it was my job to get it clean. no matter how.

So, its not advertising, don't worry, just a computer which is now clean and able to take a Ghost dump from.

We don't have a win Home edition dump so...and so on.

Thanks again for the great help!!

and good luck with your good work ! I might return with my own computer in a while ;) THEN you will see a poluted computer ;)

Cu !!
 
Well ... I may ave added 2+2 and got 5, but when I see an IP address from the same country as a "casually dropped program name" I get a little suspicious. :D

I'm not adverse in passing on any knowledge I have to anyone, indeed I have had the 'pleasure' of entertaining people at my workshop on "job release" & "work experience" programs before ... whether they learned anything or not, I like to think at least I tried.

Mine is ... coffee black, no sugar. ;)


Good Luck
user.gif
 
Back
Top