Adware Punisher

Discussion in 'Malware Help (A Specialist Will Reply)' started by scoobydoo1952, Feb 3, 2006.

  1. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, I have Adware Punisher on my computer and cannot seem to get rid of it. I have also been unable to get my computer into safe mode. Is there anything that I can do? I have enclosed an active scan log and a HijackThis log as well.

    My comp is pentium 4, 256 ram, 40 gig drive, running windows xp sp2.

    Thanks for any help or suggestions.

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     

    Attached Files:

    Last edited by a moderator: Feb 3, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    Please see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you have run both programs, attach the logs to your next post along with a fresh HJT log from normal mode.
     
  3. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, It took some time to get these to download and run. Have a lot of work right now.
     

    Attached Files:

    Last edited by a moderator: Feb 16, 2006
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please attach a fresh HJT log.
     
  5. scoobydoo1952

    scoobydoo1952 Private E-2

    Edit by bjgarrick: Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Feb 18, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spy Sweeper


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll (file missing)

    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

    O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\p2pnetworking.exe

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  7. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, I completed everything that was in the previous post.
    This is a fresh hijackthis log.

    Adware Punisher is still my display.

    Edit by bjgarrick: Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Feb 22, 2006
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet

    Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\winupdate Delete this whole folder if it exists!

    C:\Program Files\whInstall Delete this whole folder if it exists!

    C:\Documents and Settings\Lynda\Favorites\Health Delete this whole folder if it exists!

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, run CCleaner once more and then let me know how things are running.
     
  9. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, I completed the tasks as you set out. Adware punisher is gone from the desktop display, but the screen is a blank blue color. My original display is shown until comp finishes booting up. Enclosed is the latest hijackthis.log.

    Edit by bjgarrick: Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Feb 23, 2006
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good, however to make sure nothing is really hiding I would like to check one more thing.

    Please see the below thread on how to run WinPfind and attach the log.
     
  11. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, Thanks for all the help so far. The only problem that I still seem to have is the display. My display pic shows up during bootup but disappears when the icons show up on the desktop. Thanks again

    Lynda

    Edit by bjgarrick: Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Feb 23, 2006
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    scoobydoo1952,

    I figured you would see my edits and maybe start posting your logs properly but I guess you didn't catch on. Anyway, from now on when anyone requests a log here ALWAYS attach it using "Manage Attachments".
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, download the attached file. Save to your desktop and extract the contents to its own folder. Leave it for now and proceed with the next step.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixh.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    After you complete the above merge, REBOOT INTO SAFE MODE!

    Locate the file "unins.bat". Double click to run the fix.

    After you complete the above, reboot back to normal mode and let me know how things are running.
     

    Attached Files:

  14. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, before I checked out your reply I tried to change the display on my desktop and it worked.
    The computer seems to be working fine.
    Thanks for all of your help

    Lynda
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, but you still need to run my last post to clean out the leftover infections.
     
  16. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi, have done the last step. It seemed to remove Yahoo and I had to reload it. Comp seems to run fine. I hope that you get the attachment. Never knew how to upload it before. Thanks for the info.
     

    Attached Files:

    Last edited by a moderator: Feb 28, 2006
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix the below entries...

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After you complete the above your log will be clean.

    Are you having any further problems?
     
  18. scoobydoo1952

    scoobydoo1952 Private E-2

    I ran, checked and fixed hijackthis. Enclosed is a log. I also noticed that there was a file missing in... O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) ...is this a problem?

    I seem to still have a problem with Yahoo chat rooms. Conversation freezes completely and I get a message that says that there was a problem communicating with the voice server, attempting to reconnect.

    Thanks for the continued help
     

    Attached Files:

    Last edited by a moderator: Mar 2, 2006
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, this is a legit entry, HJT has many bugs, this being one of them.

    Your HJT log looks good, are you having any further malware issues? For the other problem, that would be best answered in the Software Forum. The only thing I can recommend you try is the below...
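
Added example, not part of the post above or of the thread: a small Python parser for the HijackThis lines quoted in this thread. It separates entries whose "(file missing)" flag points at a concrete file from ones like the `%windir%\bdoscandel.exe` entry, where the logged path still holds an unexpanded variable. The `triage` labels and the rule behind them are assumptions of this example.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "extra IE button / Tools menu item",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*?)(?P<missing> \(file missing\))?$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENV_VAR = re.compile(r"%\w+%")

def parse_entry(line):
    """Split one HijackThis log line into code, CLSID, target and missing flag."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    target = body.rsplit(" - ", 1)[-1]   # last field is the file or command
    if "] " in target:                   # O4 form: "key: [name] command"
        target = target.split("] ", 1)[1]
    clsid = CLSID.search(body)
    return {"code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None,
            "target": target,
            "missing": m.group("missing") is not None}

def triage(entry):
    """Assumed rule for this example, not documented HijackThis behaviour."""
    if not entry["missing"]:
        return "present"
    if ENV_VAR.search(entry["target"]):
        return "verify"    # variable was not expanded, so the flag may be wrong
    return "orphaned"      # registry entry points at a file that is gone

# Lines quoted in the thread above.
SAMPLE = [
    r"O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll (file missing)",
    r"O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe",
    r"O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)",
]

def report(lines=SAMPLE):
    return [(e["code"], e["target"], triage(e)) for e in map(parse_entry, lines) if e]

if __name__ == "__main__":
    for row in report():
        print(row)
```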

     
