media tickets

Discussion in 'adware, spyware & hijack cleaning' started by wotowoto, Jul 12, 2004.

Thread Status:
Not open for further replies.
  1. wotowoto

    wotowoto Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    1
    Location:
    Birmingham, England.
    Help please, i have this confounded media tickets popping up every 30 secs or so, and although i have tried other remedies that have been posted, alas it still haunts me!!!
    Heres my log!
    Logfile of HijackThis v1.98.0
    Scan saved at 22:38:07, on 12/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\video_32sD.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    D:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\bhexon.exe
    C:\Documents and Settings\andy\Application Data\aahd.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Logitech\Video\LowLight.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\andy\Desktop\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Java Windows Update] bhexon.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft Java Windows Update] bhexon.exe
    O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Java Windows Update] bhexon.exe
    O4 - HKCU\..\Run: [Asom] C:\Documents and Settings\andy\Application Data\aahd.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

    Please help!
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi wotowoto

    Pls. save Hijackthis into its OWN folder - like C:\HIjackThis.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32sD.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Microsoft Java Windows Update] bhexon.exe

    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [Microsoft Java Windows Update] bhexon.exe
    O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32sD.exe

    O4 - HKCU\..\Run: [Microsoft Java Windows Update] bhexon.exe
    O4 - HKCU\..\Run: [Asom] C:\Documents and Settings\andy\Application Data\aahd.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    These are the nasty W32/Rbot-BB
    Details here: http://www.us.sophos.com/virusinfo/analyses/w32rbotbb.html

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    Then reboot and use AdAware as described :
    HERE

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Problems gone?
     
Thread Status:
Not open for further replies.