#1 | 09-18-2006 | xmetalxheartsx_ (Bronze Member; joined Sep 2006; East New Market, Maryland; 11 posts)
[Fixed] Adware please help!

I keep having a Server busy message come up and when it goes away a pop up advertisement (or more) comes up in Internet Explorer (my default browser is Firefox though). It keeps coming up and I'm trying to get rid of it, but it seems to be coming back. I believe the dll file is mvbs.dll, but I don't know where to find it. I've run Windows Defender and AVG, and they both detected nothing. Help would be greatly appreciated.

I had to put my Hijack and ewido logs as attachments; they were too long and I couldn't shorten them.

Thanks in advance
Attached Files
File Type: txt Report-Scan-20060917-192133.txt (91.7 KB, 2 views)
File Type: log hijackthis.log (24.7 KB, 2 views)


#2 | 09-18-2006 | joe5 (Elite Member; joined Jun 2005; Netherlands; 9,044 posts)

Hya xmetalxheartsx_, welcome to PCHF.



First look in your add/remove programs for any of these:

Ezula
popupwithcast
Oin
OuterInfo
Yazzle by OIN
Cowabanga by OIN
PuritySCAN By OIN
Snowballwars by OIN
ipwins
Zolero
Tizzletalk
MediaTickets
Forethought
Quicklinks
PSLister
or anything similar with Oin or Outerinfo in it.


If any of those names are found, click on it, and click remove.

Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed:
Uninstaller
Reboot when done and delete this folder if found:
C:\Program Files\PurityScan


Run HijackThis, select to do a "system scan only" and then place a check beside each of the following:
(if still present)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;
R3 - URLSearchHook: (no name) - {9A4892AE-2F6A-07B8-1CF6-00E2EA077BB5} - C:\WINDOWS\system32\mvbs.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsyB8.dll
O2 - BHO: (no name) - {9A4892AE-2F6A-07B8-1CF6-00E2EA077BB5} - C:\WINDOWS\system32\mvbs.dll (file missing)
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Amanda\LOCALS~1\Temp\mma.chm::/joysavsht.cab

Now first close all windows and browsers other than HijackThis, then click Fix checked and close HijackThis.

Then manually delete these files and folders if present:

C:\WINDOWS\system32\mvbs.dll
C:\WINDOWS\system32\nsyB8.dll
C:\program files\popupwithcast
C:\Documents and Settings\Amanda\Local Settings\Temp\pre.exe
C:\Documents and Settings\Amanda\Local Settings\Temp\mma.chm

After that reboot your PC, and post a new HijackThis log please.


And do you know these yourself:

O3 - Toolbar: 977 Music Toolbar - {e63ee7fe-8e20-48fd-91d2-99e179860d38} - C:\Program Files\977_Music\tb977_.dll

and:

C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs -> Not-A-Virus.BadJoke.JS.RJump : No action taken.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
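
An added example (not part of the original thread and not HijackThis code): a small Python parser for the entry lines quoted in the post above. It labels each entry's section, raises review flags, and reports CLSIDs registered under more than one section; the function names and flag heuristics are assumptions made for illustration.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "R3": "URL search hook", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry",
            "O14": "IERESET.INF setting", "O16": "downloaded ActiveX object"}
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entry(line):
    """Split one log line into code, section, CLSID and review flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID.search(body)
    low = body.lower()
    flags = []  # heuristics are illustrative assumptions, not HijackThis logic
    if "(file missing)" in low:
        flags.append("orphaned: registered file no longer on disk")
    if "(no name)" in low and code in ("O2", "R3"):
        flags.append("unnamed browser extension")
    if "\\temp\\" in low:
        flags.append("loads from a Temp directory")
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0).upper() if clsid else None, "flags": flags}

def shared_clsids(entries):
    """CLSIDs registered under more than one section (e.g. BHO + search hook)."""
    seen = {}
    for e in entries:
        if e and e["clsid"]:
            seen.setdefault(e["clsid"], set()).add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}

# Sample lines copied from the post above (extraction spaces repaired).
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {9A4892AE-2F6A-07B8-1CF6-00E2EA077BB5} - C:\WINDOWS\system32\mvbs.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsyB8.dll
O2 - BHO: (no name) - {9A4892AE-2F6A-07B8-1CF6-00E2EA077BB5} - C:\WINDOWS\system32\mvbs.dll (file missing)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Amanda\LOCALS~1\Temp\mma.chm::/joysavsht.cab
""".strip().splitlines()

ENTRIES = [parse_entry(l) for l in SAMPLE]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["code"], e["section"], e["clsid"], e["flags"])
    print("shared:", shared_clsids(ENTRIES))
```

The nsyB8.dll BHO raises no flag here even though it was selected for removal in the post, so output like this only prioritizes entries for review; it does not replace reading the log.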

#3 | 09-18-2006 | xmetalxheartsx_ (Bronze Member)

Only one I found and removed was MediaTickets. I deleted the popupwithcast folder the night I got infected, which was Saturday night. The Purityscan folder wasn't found at all.

I know this is ....

O3 - Toolbar: 977 Music Toolbar - {e63ee7fe-8e20-48fd-91d2-99e179860d38} - C:\Program Files\977_Music\tb977_.dll

But I don't know what this is.

C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs -> Not-A-Virus.BadJoke.JS.RJump : No action taken.



Ran another hijack log and here it is
Attached Files
File Type: log hijackthis.log (23.0 KB, 2 views)


#4 | 09-19-2006 | joe5 (Elite Member)

You can delete this folder:
(in Safe Mode if needed)

C:\Program Files\Evrsoft First Page 2006

Then open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, and copy and paste the results in your next post please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#5 | 09-19-2006 | xmetalxheartsx_ (Bronze Member)

I've deleted the folder...

Here is the list that was made.

977 Music Toolbar
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG Free Edition
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Chatango Message Catcher
Conexant AC-Link Audio
Core FTP LE 1.3c
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
dBpowerAMP Music Converter
ewido anti-spyware 4.0
Eye Candy 3
Eye Candy 4000 Demo
Faerie Bubbles Screen Saver
FATE from Hewlett-Packard Laptops (remove only)
Filetopia Client v3.04d
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Firefox Windows Media Player XPI
Flexbeta Firetweaker
Flickr Uploadr 2.3
Flip Words from Hewlett-Packard Laptops (remove only)
Form Fill (Windows Live Toolbar)
Free WMA to MP3 Converter 1.16
Google Toolbar for Internet Explorer
Happy Chia Screen Saver
HijackThis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP DVD Play 2.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Cameras 4.5
HP Photosmart Premier Software 6.0
HP Rhapsody
HP Software Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
ICQ 5.1
ImageMap Applet Builder
iMesh
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Jewel Quest from Hewlett-Packard Laptops (remove only)
Last.fm 1.0.6
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Logo Snow Fall Screen Saver
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Map Button (Windows Live Toolbar)
Matrix Y2K Website Studio 2005.SE
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft Money 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Windows Journal Viewer
Microsoft Works
Mozilla Firefox (1.5.0.7)
muvee autoProducer 4.5
MySpaceIM
Neopets
Netscape Browser (remove only)
Norton Spyware Scan provided by Yahoo!
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OneCare Advisor (Windows Live Toolbar)
Paint Shop Pro 7 ESD
Picasa 2
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Popup Blocker (Windows Live Toolbar)
PSPad editor
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 G1
Quicken 2006
QuickTime
RealPlayer
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Serif PhotoPlus 6.0
Skype 2.5
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Smart Menus (Windows Live Toolbar)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoulSeek Client 157 test 8
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
StuffPlug-NG (Messenger Plus! Plugins)
Super Granny from Hewlett-Packard Laptops (remove only)
Switch Uninstall
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TopStyle Lite (Version 3.0)
TourSetup
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URGE
WildTangent Web Driver
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Beta 3
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Safety Scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Wireless Home Network Setup
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar for Internet Explorer



Last edited by xmetalxheartsx_; 09-19-2006 at 07:03 PM.

#6 | 09-21-2006 | joe5 (Elite Member)

Let's see if Combofix gets the remaining Purityscan entries:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with new HJT log please.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

