QJ.net Game Discussion - PSP, Xbox, Wii, PS3, PSP Homebrew, and PSP Guides

**TweaKz0r** · 10-22-2005, 04:34 AM

Ad/Mal/Spyware... We all hate it. But most of it can be easily ridden of by Spybot S&D or any other "leet" *Ware program.

But yeah, I need your help on this one >_>

I was downloading this crack and while I'm normally against opening other EXEs in the crack zip/rar file - because theyre usually mal, ad and/or spyware - I did. I accidently clicked on another EXE in the zip file. My computer got pumped with spy/ad/malware. I managed to remove most of it bij Ctrl+Alt+Del and then checking processes, removing suspicious processes, and then use Spybot S&D for the last ones. 139 Problems... Fixed em. Rebooted in safe mode, used MSConfig and Regcleaner, etc, to clean the last ****. But there was this nasty adware that remained.

It just seems to love me, because it doesnt want to go. I cant find where it is located as EXE on my PC and no suspicious processes are running because I cleaned up everything: Mustve injected itself into another EXE like explorer.exe or rundll32.exe.

Now, Spyware S&D cant find it, Hitman Pro cant find it, Ad-Aware cant find it. Task manager does not have any suspicious **** running. MSConfig boot **** is clean. Hijack This shows no suspicious processes, nothing does. So what I keep getting now are these nasty little popups. They pop up in firefox (even when its not running it starts) and shows a flash animation. Most of them can be clicked away by the X button but they start off as fullscreen and then resize to like 300x100 so you click on the X at the topright of the screen and close an App you were working on/with.. very irritating.

Please help xD I want this **** gone.

Hijack This log:

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:03, on 22-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss. exe
C:\WINDOWS\system32\winlo gon.exe
C:\WINDOWS\system32\servi ces.exe
C:\WINDOWS\system32\lsass .exe
C:\WINDOWS\system32\svcho st.exe
C:\WINDOWS\System32\svcho st.exe
C:\WINDOWS\system32\spool sv.exe
C:\WINDOWS\system32\rundl l32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Maxtor\OneTou ch\Utils\OneTouch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bi n\jusched.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\rundl l32.exe
C:\Program Files\SlySoft\CloneCD\Clo neCDTray.exe
C:\WINDOWS\system32\nvsvc 32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmo n.exe
C:\Program Files\Messenger\msmsgs.ex e
C:\Program Files\GrabClipSave\GrabCl ipSave.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\K EM.exe
C:\Program Files\Logitech\SetPoint\K HALMNPR.EXE
C:\WINDOWS\system32\wscnt fy.exe
C:\PROGRA~1\Sitecom\BLUET O~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svcho st.exe
C:\WINDOWS\system32\mdm.e xe
C:\WINDOWS\system32\wuauc lt.exe
C:\PROGRA~1\MOZILL~2\THUN DE~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiex ec.exe
C:\Program Files\HijackThis\HijackTh is.exe

R0 - HKCU\Software\Microsoft\I nternet Explorer\Toolbar,LinksFol derName = Koppelingen
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroC heck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTou ch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl .dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [GCS] "C:\Program Files\GrabClipSave\GrabCl ipSave.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.ex e" -n=200
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\K EM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIECaptureSelLinks.htm l
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClie nt.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Offi ce10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx. htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bi n\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bi n\npjpi150_04.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang. dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.ex e
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang. dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.ex e
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msg rapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxpp anel.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\k4800 elmehqa0.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc .exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodServic e.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc 32.exe

So yeah.. Anybody have any clue how to remove this little piece of crap?

**AnonymousTipster** · 10-22-2005, 05:09 AM

Well,
A. Don't download cracked games :icon_razz
B. Try MSAS Microsoft Anti Spyware: http://www.microsoft.com/athome/secu...e/default.mspx I swear it's the best program MS have made yet. As well as removing spyware it also asks for confirmation on installing products, so it should stop spyware getting on in the first place.

**TweaKz0r** · 10-23-2005, 02:22 AM

Lol the game wasnt cracked ;P

I'll try MSAS.

Edit: What teh... >_> It found like 3 Spy/Ad/Malware Apps and I removed em but I still get those popups ... -.- So its not that >_<

**MagicianFB** · 10-23-2005, 07:23 AM

Only found 3?? I've found MSAS really good at spyware. That must be pretty tricky spyware.

10-22-2005, 05:09 AM	#2
AnonymousTipster Developer Join Date: Jun 2005 Location: Under a Large rock called Fred Posts: 693 Trader Feedback: 0	Well, A. Don't download cracked games :icon_razz B. Try MSAS Microsoft Anti Spyware: http://www.microsoft.com/athome/secu...e/default.mspx I swear it's the best program MS have made yet. As well as removing spyware it also asks for confirmation on installing products, so it should stop spyware getting on in the first place. __________________ Developer of Tipster Unzip/Unrar ThrottleX RoboTORN3D ODEPsp Now, with the power of my PSP, I will finally RULE THE WORLD. Muhahahah.

10-23-2005, 02:22 AM	#3
TweaKz0r Join Date: Sep 2005 Location: Teh leet country Firmware: 1.50 Posts: 73 Trader Feedback: 0	Lol the game wasnt cracked ;P I'll try MSAS. Edit: What teh... >_> It found like 3 Spy/Ad/Malware Apps and I removed em but I still get those popups ... -.- So its not that >_< Last edited by TweaKz0r; 10-23-2005 at 02:52 AM..

10-23-2005, 07:23 AM	#4
MagicianFB NDS Mod Join Date: Jul 2005 Location: w00+land Posts: 645 Trader Feedback: 0	Only found 3?? I've found MSAS really good at spyware. That must be pretty tricky spyware. __________________ "15% percent of programing is creating a program, 85% percent is getting it to work like it should." - Me [URL=http://www.mozilla.org/products/firefox/][IMG]http://img439.imageshack.us/img439/5667/getfirefox0sr.png[/IMG][/URL]

QJ.net Game Discussion - PSP, Xbox, Wii, PS3, PSP Homebrew, and PSP Guides

*Ware help.