www.ad-w-a-r-e.com POPUPS

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Weeps, Oct 7, 2004.

  1. Weeps

    Weeps Private E-2

    Can anyone help with this problem? I keep getting POPUPS on a computer I am trying to fix. It was severely infected. I have gotten rid of everything but this one last problem.

    It comes up as: http:\\www.ad-w-a-r-e.com?callback_ron.php and a whole long list of other stuff with it.

    I have used Spybot 1.3, Ad-aware, HijackThis, AVG6 as well as some other tools, and to no avail; it keeps reappearing.

    I will post my latest HijackThis log below.

    This thing is kicking my butt. Any help would be greatly appreciated.

    Thanks in advance!
     
  2. Weeps

    Weeps Private E-2

    HiJackThis Log

    Edit by chaslang: Logfile changed to an attachment. Please do not post logs unless we ask you to do so and then only post as an attachment.
     

    Attached file: hjt.txt (3.1 KB)
    Last edited by a moderator: Oct 8, 2004
  3. Weeps

    Weeps Private E-2

    Startup List

    StartupList report, 10/7/04, 7:55:27 AM
    StartupList version: 1.52.2
    Started from : C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.50 SP1 (5.50.4522.1800)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\SONY\1394\SCMON.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\SONY\SMART LABEL\SSLFVIEW.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    C:\WINDOWS\SYSTEM\ATI2CWAD.EXE
    C:\WINDOWS\SYSTEM\ATIPTKAD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\SONY\PPK SETUP\SESERVE.EXE
    C:\PROGRAM FILES\BELLSOUTH\CONNECTION MANAGER\CMANAGER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    PPK Setup(Server).lnk = C:\Program Files\Sony\PPK Setup\SEServe.exe
    Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Smart Connect Monitor = C:\Program Files\Sony\1394\SCMon.exe
    Smart Connect Setup = C:\Program Files\Sony\1394\SCSetup.exe -c
    EM_EXEC = c:\mouse\system\em_exec.exe
    VortexTray = C:\WINDOWS\au10setp.exe 3
    Smart Label RFViewer = C:\PROGRA~1\SONY\SMARTL~1\SSLFVIEW.EXE
    SBWatchDog.EXE = C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
    tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
    ATIGART = c:\ATI\GART\ATIGART.exe
    AtiCwd32 = Ati2cwad.exe
    AtiKey = atiptkad.exe
    AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = c:\windows\NOTEPAD.EXE %1

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 7/10/2004, 7:52:

    [Rename]
    NUL=C:\WINDOWS\SYSTEM\SIRAPI.DLL

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
    SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/C...7934953704

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shoc...wflash.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shoc.../swdir.cab

    [ppctlcab]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://www.pestscan.com/scanner/ppctlcab.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD

    [PPSDKActiveXScanner.MainScreen]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PPSDKACTIVEXSCANNER.OCX
    CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

    [AvxScanOnline Control]
    InProcServer32 = C:\WINDOWS\AVXOSCAN\BITDEF~1.OCX
    CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 5,854 bytes
    Report generated in 0.081 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi Weeps,

    You should start here:
    http://forums.majorgeeks.com/showthread.php?t=35407

    Follow the instructions carefully and note the steps you can and cannot complete. This is IMPORTANT!

    HijackThis is a last step and there are procedures for posting a log:
    http://forums.majorgeeks.com/showthread.php?t=38752

    You should move HJT to its own folder C:\Program Files\HijackThis.

    That said, your HJT log is not too bad - but I just gave it a quick look.
    This is the very definition of Spyware:
    O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
    See the following:
    http://www.windowsstartup.com/wso/detail.php?id=2435

    Run through the tutorial carefully and post back.

    Best luck :)

    PP
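    The entry PhilliePhan points at lives in the "Autorun entries from Registry" section of the StartupList report above, and the WININIT.BAK [Rename] line a few sections later records a file deletion applied at the last boot. As an added example that is not part of the thread or of HijackThis, here is a small Python triage script that parses those two sections of a StartupList 1.52.2 report. The embedded report excerpt is constructed from the posted log, trimmed for length; the known-bad name list (only sbwatchdog.exe, taken from the reply above) and the "unqualified filename" heuristic are assumptions for illustration, not a signature database.

```python
"""StartupList (HijackThis 1.x) report triage: parse the autorun and WININIT
sections and flag entries worth a second look. Added example, not from the
thread; the known-bad list is an assumption taken from PhilliePhan's reply."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed excerpt in StartupList 1.52.2 format, trimmed from the posted log.
SAMPLE_REPORT = r"""
StartupList report, 10/7/04, 7:55:27 AM
==================================================

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
SBWatchDog.EXE = C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SchedulingAgent = mstask.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:

[Rename]
NUL=C:\WINDOWS\SYSTEM\SIRAPI.DLL

--------------------------------------------------
End of report
"""

# Assumption: indicator list built from the thread, not a vendor signature set.
KNOWN_BAD_BASENAMES = {"sbwatchdog.exe"}
SECTION_SEP = re.compile(r"^\s*-{10,}\s*$", re.MULTILINE)
# Shortest prefix ending in an executable extension; the '$' anchor forces
# backtracking past directory names that look like extensions ('Support.com').
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|dll))\b(?:\s+(.*))?$", re.IGNORECASE)

Autorun = NamedTuple("Autorun", [("key", str), ("name", str), ("command", str)])


def sections(report: str) -> List[List[str]]:
    """Split on the dashed separators; each section is its non-empty, stripped lines."""
    chunks = (c.strip().splitlines() for c in SECTION_SEP.split(report))
    return [[ln.strip() for ln in c if ln.strip()] for c in chunks if c]


def parse_autoruns(report: str) -> List[Autorun]:
    """Collect 'name = command' lines under each 'Autorun entries from Registry:' header."""
    entries = []
    for lines in sections(report):
        if "Autorun entries from Registry:" not in lines:
            continue
        i = lines.index("Autorun entries from Registry:")
        key = (lines[i + 1:i + 2] or ["?"])[0]  # the registry key follows the header
        for ln in lines[i + 2:]:
            name, sep, cmd = ln.partition(" = ")
            if sep:
                entries.append(Autorun(key, name, cmd))
    return entries


def split_command(command: str) -> Tuple[str, Optional[str]]:
    """Separate executable from arguments: quoted paths and unquoted paths with spaces."""
    command = command.strip()
    end = command.find('"', 1) if command.startswith('"') else -1
    if end != -1:
        return command[1:end], command[end + 1:].strip() or None
    m = EXE_RE.match(command)
    if m:
        return m.group(1), m.group(2)
    head, _, tail = command.partition(" ")
    return head, tail or None


def triage(entry: Autorun) -> List[str]:
    """Reasons an autorun entry deserves a closer look (empty list: nothing noted)."""
    exe, _ = split_command(entry.command)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    if base in KNOWN_BAD_BASENAMES:
        reasons.append("basename on known-bad list")
    if "\\" not in exe:
        reasons.append("unqualified filename: resolved by path search at boot, confirm which copy runs")
    return reasons


def triage_report(report: str) -> List[Tuple[Autorun, List[str]]]:
    return [(e, r) for e in parse_autoruns(report) if (r := triage(e))]


def parse_wininit_renames(report: str) -> List[Tuple[str, str]]:
    """(dst, src) pairs from [Rename]. Win9x applies WININIT.INI at the next boot,
    before the shell loads; dst NUL deletes src. Malware and cleaners both use it."""
    pairs, in_rename = [], False
    for lines in sections(report):
        if not any(ln.upper().endswith("WININIT.BAK LISTING:") for ln in lines):
            continue
        for ln in lines:
            if ln.startswith("["):
                in_rename = ln.lower() == "[rename]"
            elif in_rename and "=" in ln:
                dst, _, src = ln.partition("=")
                pairs.append((dst.strip(), src.strip()))
    return pairs


if __name__ == "__main__":
    for entry, reasons in triage_report(SAMPLE_REPORT):
        print(f"{entry.key}\\{entry.name} = {entry.command}\n    " + "; ".join(reasons))
    for dst, src in parse_wininit_renames(SAMPLE_REPORT):
        print(f"WININIT [Rename] {dst}={src}" + ("  <- deleted at last boot" if dst.upper() == "NUL" else ""))
```

    Two points the script makes visible that a quick read of the log does not: Run-key values like SysTray.Exe or mstask.exe carry no directory, so on the box you have to confirm which file actually gets loaded, and the WININIT.BAK entry means the deletion of SIRAPI.DLL was already carried out at the last boot, by whichever tool or program wrote WININIT.INI. The report does not say who wrote it, so treat the source path as a lead to check, not as a verdict.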
     
  5. Weeps

    Weeps Private E-2

    Thanks! I will try that and see how it goes. Then I'll get back to you.

    Thanks again!!!
     
  6. PhilliePhan

    PhilliePhan Guest

    All Righty Then. Keep us posted :)

    PP
     
  7. Weeps

    Weeps Private E-2

    I got it and it worked.

    I had already run SpyBlaster, Spybot and Adware SE the previous day.

    I followed the steps as directed, and when I got to the part where I used "Trend Micro's Free Online Virus Scan" it found 6 Trojans and deleted them. The popups stopped after that; I watched it for about 20 mins.

    Should have left it alone after that; however, I continued on and must have done something wrong with the settings in CCleaner. I ran it with the default options and checked Index.dat as suggested. After that Windows wouldn't even boot up. I had to reinstall Windows 98se from scratch and we lost all their stuff.

    Just curious what I might have done wrong with this program?

    Next time I will stop after the "Trend Micro's Free Online Virus Scan" if I know it fixed the problem. I will steer clear of CCleaner until I have a better understanding of it.
     
  8. PhilliePhan

    PhilliePhan Guest

    I can't imagine what went wrong. CCleaner is pretty straightforward - I and many others here use it often. I've never had a problem, nor have I seen a problem like you describe attributed to CCleaner. There is little you could have done wrong with the program. Are you sure it is the culprit?

    On a positive note, too few people bother to do the online scans listed in the tutorial. I'm glad you found them helpful and a resource that you can turn to in the future, should the need arise.

    Best,
    PP
     
  9. DaRkKn1qHt

    DaRkKn1qHt Private First Class

    Did you try to restore the registry after Windows would not open? It might have saved the information, having just lost the registry boot files!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would have to second that. I have never seen a problem caused by CCleaner. You did not by any chance go to Issues tab, scan for issues and then fix all of them....did you?
     
  11. Weeps

    Weeps Private E-2

    That may have been what I did. Like I said, I really did not understand the program, and I remember clicking a few other things thinking that was what I needed to do to get it to work.
     
  12. Weeps

    Weeps Private E-2

    I was working on a Windows 98se computer. It said it was missing certain system files. I can't remember exactly which files, but they were like himem.sys and those types to start with. It was really hosed up.

    I figured after reading the previous posts that it was because I obviously didn't know what I was doing with CCleaner. I will obviously need to find a tutorial on it for future use.

    Thanks to all who have responded and helped!!!
     
  13. DaRkKn1qHt

    DaRkKn1qHt Private First Class

    Even in Win98 you can run reg. repairs with a boot cd or a boot floppy! You can even run a repair on the installation with a windows cd so that it will repair files that are lost or damaged!
     
