Tech Problem Aggregator

Solved: Trojan&Spyware scanner - popups

Q: Solved: Trojan&Spyware scanner - popups

My stepson's computer, running W2K SP4, is infected with something that keeps popping up malware alerts and IE or firefox windows. Right now, for example, on my screen I have a security warning about Trojan.W32.Looksky, a dialog box asking me to click OK to start SecurePCCLeaner, an IE window offering to download Trojan&Spyware scanner, another IE window also offering securePCCLeaner, and a firefox tab offering a download called "privacyprotector". The computer is almost unusable. Any help is appreciated.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:15:48 PM, on 9/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&utm_campaign=wdz0805
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSVPS System - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - C:\WINNT\nsduo.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ConfidentSurf] C:\Program Files\ConfidentSurf\GDC.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\PROGRA~1\Crawler\SSaver\CSSaver.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124063720734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160805987609
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O21 - SSODL: msmhost - {FB8D3A63-4AAA-460B-8274-ECF9F993A90D} - C:\WINNT\msmhost.dll
O21 - SSODL: msmdev - {730E3EF2-CD22-4119-8ECC-9007B103E00B} - C:\WINNT\msmdev.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime\Prime95.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe

A: Solved: Trojan&Spyware scanner - popups

11 more replies
Answer Match 68.88%

Hi, please help, been getting popups for free spyware scanners, did a bitdefender scan and it managed to move 5 virus infected files, but I still get popups from 'myprivacyguard' and 'Adwareremover2007'. Bitfender also detected and blocked Trojan.Agent.BHO.N, Trojan.Agent.ABSG, Trojan.Downloader.Agent.YNQ, Adware.Agent.NAV, Trojan.Downloader.Agent.YNU in the file http://www.thenetworkcom.com/fast-update/upd_cb.zip, how can this file be removed?This is my Trendmicro HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:44:44, on 28/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Acer\Empowering Technology\eDataSecurit... Read more

A:Popups For Free Spyware Scanner

cl0ud,Welcome to the forum, you have multiple infections on this system. Lets do a few things.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stallOpen HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.Some of these may be goneR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll (file missing)O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dllO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO21 - SSODL: bxsbang - {7C244A7A-44CC-4104-8133-40430C7AF562} - C:\WINDOWS\bxsbang.dllO21 - SSODL: ocgrep - {598370DE-4746-4951-B4F6-85459895E243} - C:\WINDOWS\ocgrep.dll (file missing)We need to make sure all hidden files are showing :Click Start.Op... Read more

2 more replies
Answer Match 66.78%

All help with solving this problem and preventing its reoccurrance will be much appreciated, as this is definitely a reoccurring problem and I don't know what I'm doing to cause it!
I run on Windows XP and I use a virus protection program provided by my school's internet service as well as Lavasoft Ad-Aware SE Personal and SUPERAntiSpyware Free Edition.
I am having problems with getting popups from WinAntivirus Pro and SystemDoctor, as well as the following error messages:

---------------------------------------------------------------------------
Data Execution Prevention - Microsoft Windows
To help protect your computer, Windows has closed this program.
Name: Windows Explorer
Publisher: Microsoft Corporation
---------------------------------------------------------------------------
---------------------------------------------------------------------------
RUNDLL
Error loading
The specified module could not be found.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
DrWatson Postmortem Debugger
DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.
We have created an error report that you can send to help us improve DrWatson Postmortem Debugger. We will treat t... Read more

A:Solved: Trojan, malware/spyware popups, running slow (Hijack log)

16 more replies
Answer Match 62.16%

Hello, I have a problem with some spyware that got installed by my younger sibling on the family desktop. I was able to get rid of some of it but i still have the adware icon in the taskbar popping up.
The files that were a problem were part of the netproject spyware...i think i was able to get rid of the files that were being active which were the scit.exe and scm.exe files. The icon that's left in the taskbar is pretty much neutral right now cuz i disabled and deleted IE, but it's still annoying and im pretty sure there's still something in it.

Thanks in advance and i really appreciate the help.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:49 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Commo... Read more

A:Please Help...spyware scanner trojan is slowing my computer

Welcome to TSG

Please download SmitfraudFix
to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 61.32%

Hello, i suspect this all happened a few days ago when a friend attempted cracking a software program for me. Which he did do, but I see I am paying for it. The day it was cracked AVG detected a trojan downloader, I don't remember the name since i dismissed it.(Had gotten them before with no problem.) But I still ran avg scans in normal and safe mode and deleted all files it showed as a threat. About 4 days later after no problem my computer started acting sluggish all of a sudden, the next day AVG detected a new threat "Exploit Spyware Scanner" through the web alert I believe it was and told me the infected file and process was IEXPLORE.EXE, which was odd since I had deleted internet explorer a long time ago. I finally found it in program files and attempted to delete it but it wouldnt let me. The files I was able to delete from the IEXPLORE.EXE folder would come back the second I deleted them so I gave up and started looking for help. Around this time I started getting popups mostly spyware/adware removal related while firefox was inactive. The site I went to suggested running SuperAntiSpyware removal program, so I did. Out of 50 minutes of scanning it has found these problems:
Adware.Vundo/Variant-PrintDlgExW 9 files
Adware.Vundo/Variant 2 files
Trojan.Downloader-NewJuan/VM 2 files
Adware.Hotbar/ShopperReports(low risk) 24 files
Adware.Zango/Shopping Report 137 files
Adware.Vundo Vairant 7 files
Trojan.Vundo-Variant/NextGen-Six 4 files
Trojan Vundo Variant... Read more

A:Exploit Spyware Scanner/Vundo & Trojan infection

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you ... Read more

2 more replies
Answer Match 59.64%

I keep getting a popup after a few pages saying.

Alert Your PC is at Risk of Virus and Spyware Attack

Your System Requires Immediate Check!

Security System Scanner will perform a Quick and Free Scan of your PC for Viruses and Spyware programs.

I have Windows Vista Ultimate 64 Bit
Avira Free Antivirus
Ad-aware
MalwareBytes' Anti-Malware

And none seem to fix or find the issue.

I have ATF Cleaner and Hijackthis installed on my computer but seeing I am new to Vista nothing looks out of the ordinary to me, or least from the normal ones XP used to use.

Any Help is Appreciated.

David

A:Help with Trojan or Spyware (popups)

Welcome to BC----------------------------Update mbam and run a FULL scanPlease post the resultsThenSAS,may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup... Read more

10 more replies
Answer Match 59.22%

Hello, I'm brand new in this forum, and I need some help, pls, trying to clean some virus(es).
I downloaded some setup.exe and of course it came with a trojan inside.
First of all, it started with some voices on the speakers, and then with popups, saying the pc has a spyware, and redirecting automatically to a website to download PC-Antispyware software.
(See pics TaskbarWarning.JPG, TaskbarWarning2.JPG, popup-trojan.JPG, popup-pc-antispyware.JPG, popup-installation.JPG)


My pc has Windows XP, with SP2 and Norton Antivirus 2006, and so far with this and some spywares(Smatfix, BitDefender Online Scanner) I've downloaded I was able to clean the voices in the speakers, but not the popups.

Finally, I found your forum, and tried following the steps previous to make a post(there are different steps so I did the following):
1. Uninstall Malware from Windows Add/Remove Program Tab : didn't have anything like the one that appears in STEP 1 of 5 steps process For Malware Removal Help
2. Run an Online scan Panda ActiveScan and found mostly cookies.
3. Didn't install Immediate Protection, so far....
4. Didn't update the Operating System, so far, till I get rid of the virus
5. Run AVG in Safe mode and got report.txt

The only one that finds something is Panda.


HERE IS THE HIJACKTHIS LOG
-----------------------------------
(This is the last log, the first one I got, had some "no file" and "missing" that I cleaned, if you need it, I can post it)... Read more

A:hijackthis log / spyware /trojan /popups

Here are the AVG screen windows....

2 more replies
Answer Match 58.38%

Seems to be a common problem, scanner.sysprotect / winantivirus and other

pop-ups. Please help, computer giving me problems. I have posted a HijackThis log. Hope you can help me, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 14:46:09, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.co.uk/
O4 - HKLM\..\Run: [pdfFactory Pro Di... Read more

A:Solved: Scanner.sysprotect and WinAntiVirus popups! HJT log provided, please help.

10 more replies
Answer Match 57.12%

I keep getting popups in IE that send me to sites like searchfeed.com and malware alarm etc. It eventually creates so many popups that IE freezes and then none of my browsers work. Firefox seems to run fine with no popups if you start it right after boot up. But my PC is dragging now and I get random C++ error popups. I know I have a trojan but I can't seem to remove it with any anti-spyware progs (I've run windows defender and AVG Anti-spyware in normal and safe-mode, and all it's found is 39 tracer cookies - nothing in safe-mode).Any ideas anyone? Any help is MUCH appreciated!Here's my Hijack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:33:18 AM, on 3/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\Anvshell.exeC:\Program Files\Lexmark 1200 Series\lxczbmgr.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Go... Read more

A:Trojan Creating Ie Popups - Avg Anti-spyware Doesn't Remove

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Also make sure you have already followed the steps outlined below:Preparation Guide For Use Before Posting A Hijackthis LogThank you for your patience.

1 more replies
Answer Match 56.7%

Well, I was scanning my computer with Panda's ActiveScan, and I've been found with over 2,000 spyware. Yes, I've found 30 before, or 130 before, but over 2,000....it seems a bit much. (And this is after having used CleanUp!) I did what (I assume) I should, ran HijackThis, and here's my results. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 0421:12, on 23.02.06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Fi... Read more

A:Solved: Over a Thousand Spyware, Says My Scanner

15 more replies
Answer Match 56.7%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following are is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates results indeterminant)
=Trojan Remover (Runs. results indeterminant)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars arent my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree Welcome.Please read and follow all these instructions very carefully.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease d... Read more

2 more replies
Answer Match 56.28%

Hi i have Norton Antivirus on my laptop im looking for a spyware scanner like spybot witch one is good and compatible with windows vista
thanks
 

A:Solved: A Good Free Spyware Scanner

8 more replies
Answer Match 55.02%

Hi, For two weeks now I've been infected with the Trojan Vundo Virus. It was a complete mess, the first day but I used Atribune Vundo fix like the tutorial said I should. The signs that I've been infected by a blackworm and so forth, the obvious signs of vundo were gone. But I used Norton, Trend Micro House Scan, and Panda and discovered there were still more infected files that could not be removed. I have downloaded Webroot Spysweeper, Lavasoft Ad-Ware, Bitdefender, McAfee, and so forth. They didn't work, the results of scans showed nothing or I had to pay to remove the infected files or the program could not remove the infected files or the program removed the infected files but it kept on showing up in the scans. Norton 360 for a while in the scan results, showed nothing but then suddenly started telling me my computer was infected with vundo. I downloaded SuperAntiSpyware, the free verison and there were 83 objects that were either the vundo virus, virtumonde virus, adware, or spyware. I just recently deleted my old verison of Java and updated. The sytem is working alot better but there are still popups and my firewall keeps on detecting/stopping changes being made to this browser toolbar I didn't even ad and so I don't think it's clean yet. I'm at my wit's end, ready to break down. Please help. Thank you.Here's my HijackThis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:09:26 PM, on 12/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer... Read more

A:Infected With Trojan Vundo, Virtumonde Virus, Spyware, Adware, Unwanted Browser Toolchanges, Ie Popups, And More!

Hello glassman153,Welcome to Bleeping Computer 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

29 more replies
Answer Match 53.76%

hi,
I have again all sorts of new stuff running that i did not install. I had new fav added. I have a new tool bar on IE that i did not ask for.. Just a bunch of crap that is all new...I ran adaware and spyboot and this is the new log, could you guys pls help me yet again? Thank you!
Nathan

Logfile of HijackThis v1.98.2
Scan saved at 1:43:53 AM, on 10/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\WINDOWS\QUICKBROWSER.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.w... Read more

A:Solved: spyware/popups all that

11 more replies
Answer Match 53.76%

Hi all....

I was messing around the other day when suddenly (I must have opened a file containing spyware) popups, well, "popuped up" everywhere. I ran my up-to-date version of both
Ad-aware and Spybot, and that got rid of most my problems. I then ran smitfraudfix in safe mode (don't worry, I knew what I was doing, I am somewhat of an expert ) and that got rid of some more, yet there still is a few pesky ones. I know these are spyware-related and not just due to the site I was visiting. Here's my hjackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:20 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bwjds.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lrqhdfo.exe
O4 - HKLM\..\Run:... Read more

A:Solved: Popups-Spyware!

11 more replies
Answer Match 53.76%

I have a winantivirus pro 2006 popup and a few others that I can't seem to get rid of regardless of what I do.

I tried to use Look2Me-Destroyer, but it never re-appears after disappearing.

Any help whatsoever would be greatly appreciated. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:03:06 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\Common Files\{4C3F484A-0960-1033-0623-050309060001}\Update.exe
E:\program files\valve\steam\steam.exe
E:\PROGRA~1\CO... Read more

A:Solved: Need help with spyware & popups

7 more replies
Answer Match 53.76%

Ok, my problem is similiar to Whiz In Ache prob.
Same simptoms and everything.
More problems that I have is: Task Manager is disabled, can't open it with ctrl+alt+del.
Software subfolder in regedit (current user, local machine) was locked and i couldn't open it. now after something i did (not sure what) it works.

I attached my HJT log.
Will try to do what they told WIA in his post and report.

Thanks
Chaim
 

A:Solved: Spyware popups and more :(

I think i got it fixed.
here are my new logs
If you can just look at them and make sure I got everything removed.

thanks alot
Chaim
 

1 more replies
Answer Match 53.76%

I get random popups, but cannot seem to figure out the cause of it. I've used all of the common software (trend, ewido, adaware, spyblast, etc), but this thing keeps on coming back. Here is my hijack this log. Any suggestions?

Logfile of HijackThis v1.99.1
Scan saved at 9:33:08 PM, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Spyware\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavCl... Read more

A:Solved: Spyware/Popups, Please see Log

16 more replies
Answer Match 53.76%

Recently I just got a bunch of popups from different sites....heres a couple I was able to get addys from

http://ads.clicksor.com/serving/
http://popunder.paypopup.com

I've run Norton Spybot Pest Patrol Ad-Aware Spyware Doctor Cleanup and I just cant seem to rid them....I cant find anything added in my add-remove or programs folder that would cause these popups and Im hoping you can help me
Logfile of HijackThis v1.99.1
Scan saved at 6:02:00 PM, on 12/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\... Read more

A:Solved: Help with spyware--popups please

16 more replies
Answer Match 52.92%

I keep getting popups lately and I've run spybot and adaware and my antivirus. I keep coming up with spyware, and I delete it, but it always comes back. Everytime I start up the computer SpywareGuard catches a file called "cbaax.dll" that is trying to change something in Internet Explorer. My antivirus also occasionally catches a trojan(I think Vundo?) and deletes it, but it keeps coming back. Help appreciated:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:39:23 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Progr... Read more

A:Solved: Spyware problem with popups!

11 more replies
Answer Match 52.92%

Hi guys;

I've hit bad with spyware and pop ups. Please help me before I do something drastic like reformat!
Thanks in advance.

Hijack This! log follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:39:22 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.... Read more

A:Solved: Persistant spyware and popups

9 more replies
Answer Match 52.92%

There are few problems that I need help solving because I am seriously running out of ideas.
The general problem are popping up windows - one false alarm of trojan w32.loosky and another false windows security alert,that tries to open some weird adress in IE when closed (probably trying to download something). Also,3 new programs got downloaded on the PC - one of them is called Privacy Protector and another 2 are some so-called antispyware programs or something like that. The problem is that the infected PC isn't mine - it's actually friends,but I told him that i will try my best to solve those annoying popups and programs. I turned off system restore,ran spybot first to get rid of spyware,it found a lot of entries,deleted them all,later i ran NOD32 to make sure that i cleaned viruses and trojans,it found 20 entries and fixed them all,but it didn't help - the popups still continued to show. I also tried VundoFix,but it hasn't found any infection.Last thing I did was running SuperAntiSpyware,it cleaned cca 90 entries,but it didn't seem to help - like they keep coming,even though i turned off sys restore. The next program I'm considering running is Ad-Aware,but I would like to get some more ideas because I'm not really used to spyware this stubborn,and another problem is that I have to go to my friends' house every time i want to try something new,and that isn't really practical.
The OS in question is Windows XP SP2,and here is Hijac... Read more

A:Solved: Spyware/popups problems

Hi and welcome

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 

3 more replies
Answer Match 52.92%

Earlier I got a new virus, even though I didn't do anything different today then I did any other day. Suddenly my computer restarted and Search Miracle was there, so I downloaded some spyware removal programs. Finally I came across one that worked, Ad-Aware, and I scanned, getting 837 results. I deleted them all, but 3 viruses are still there. One is definately Search Miracle, but luckily it's no longer with it's "elite bar" and links. Another is Castlevania, and the last is revenue.net. Castlevania and revenue spawn pop ups once per five minutes (each), and, I clocked it, Search Miracle appears once per 30 seconds. I don't know anything about this, and all I really want is for them to slow down.
 

A:Solved: Mass popups/spyware

11 more replies
Answer Match 52.92%

Hi All,

Any help would be greatly appreciated. Here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:50:05 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\PowerPanel\Pro... Read more

A:Solved: spyware, popups, toolbars

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in ... Read more

3 more replies
Answer Match 52.92%

well, it is my way of helping, i am cleaning my officemates' computers... because i believe they are sick.

anyone, help... please...

thanks!

Logfile of HijackThis v1.99.1
Scan saved at 2:53:56 PM, on 3/22/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\YBXPM.EXE
C:\PROGRAM FILES\POPCHAT\POPCHAT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com... Read more

A:Solved: Annoying Popups, maybe this pc has a SPYWARE

8 more replies
Answer Match 52.92%

Have installed and run spybot, ad aware, microsoft beta, spywareblaster.

Here is the first hjt log following all the above scans:

Logfile of HijackThis v1.99.1
Scan saved at 2:50:58 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl... Read more

A:Solved: copious spyware & popups

16 more replies
Answer Match 52.92%

First of all, thank you for the great service that this forum does.

Yesterday afternoon I became infected with some spyware/adware/malware of some kind. IE popups started to occur randomly and my CPU was really chugging.

I've run several spyware programs (Windows Defender, AdAware, Spybot Search & Destroy, etc...). I think I've reduced some of the issues, but the popups still show up from time to time.

My current HiJack This log is below.

Thanks a million for any help!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:43:00 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:... Read more

A:Solved: Infected with Spyware - popups! Help!

15 more replies
Answer Match 52.92%

I have been getting these annoying popusps from sites such as: amaena, drve cleaner, and other security popups... frommyunderstanding i think that they are spyware..

is theere away of getting rid f them for FREE...

please help...thanks alot
 

A:Solved: Annoying spyware popups, please help!

16 more replies
Answer Match 52.92%

I continue to have spyware that can't be removed and continual popups when browsing. I've tried everthing I know and would appreciate someone's help.

I have several spyware programs (listed below), but (a) when I run them twice in a row they always find lots of spyware again the second time, (b) they identify items that they say they can't remove, and (c) Spysweeper continually opens windows to identify the same threats.

When I'm online, I often get so many popups it's impossible to work.

Here's what I have and what I've done, followed by my Hijackthis log.

Any help would be greatly appreciated!

Rayas78

1. My computer is an IBM ThinkPad X40, with XP Professional 2002, Service Pack 2, 1.2 Gig, 504 RAM

2. I have all the high priority updates installed from Windows Update.

3. I have followed the instructions in "How Did I Get Infected in the First Place?" regarding Explorer options (Active X controls, etc.).

4. I use Firefox. I only use Explorer on sites that require it.

5. I have Spyware Blaster, Spyware Guard, Adaware, Spybot, and Spysweeper (with up to date definitions). However, I didn't install IE-SPYAD--since I rarely use Explorer and the description made me a little wary.

6. To add to my frustration, I completely reformatted the machine only about two months ago, using the Access IBM utility, to deal with accumulated spyware and poor performance. It worked like new for the first month, but then problems sta... Read more

A:Solved: Can't Eliminate Spyware, Popups--Help!

7 more replies
Answer Match 52.92%

Hi I seem to be having the same problem as
jnieman21
I am infected by some nasty bugs, yielding popups and some system instability. If someone could please inform me what to do, as I have tried numerous programs from removal (Adware, spybot, avg, ewido, all of which are fully upgraded).

Here is my Hijackthis file
Logfile of HijackThis v1.99.1
Scan saved at 9:11:46 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\logonui.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\gwldbtk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\dinst.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\j?vaw.exe
C:\WINNT\wupdsnff.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\explorer.exe
C:\Program Files\hewl\rcua.exe
C:\WINNT\system32\logon.scr
C:\Progra... Read more

A:Solved: Spyware and Malware popups

13 more replies
Answer Match 52.92%

Hey guys

Alrighty I think my latpop is hit with a really nasty trojan called virtumonde.generic which i think is the combo of generic.dx which mcAfee is detecting as and virtumonde which spybot is coming up as. I've used SuperAntispyware and found winfixed and prob fixed it. I also used Vundofixer but seems like spybot is still detecting virtumonde.generic and won't delete even after reboots. The generic trojan is quite annoying. Cannot delete the windows update and help&support icon on the desktop as it comes back again and again. Also all these windows error keep popping up randomly like critical error could occur and memory stuff.

Also AdClicker-FX has been detected as well by mcAfee but cannot delete it. soo useless.
Another trojan i think is on there is called downloaderConHooker, something like that

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:56 PM, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDO... Read more

A:Solved: another new spyware after assumption trojan and spyware cleared

11 more replies
Answer Match 52.5%

my computer has been infected with spy locked. I thought I got rid of it a week ago, but windows auto-restarted my computer today, and when I got home from work the popup in the systray was back.My anti spyware programs don't seem to see it at all now. I've tried SpyBot: Search and Destroy, and last week it found it, and the popup stopped, but now SpyBot says everything is ok.

Please help me, this thing is driving me crazy, and I can't figure out how to squash it.

Here is a current SmitFraudFix scan report

SmitFraudFix v2.171

Scan done at 15:20:26.10, Wed 05/09/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"
Killing process
... Read more

A:Solved: Sys tray popups, Spyware. Help needed

16 more replies
Answer Match 52.5%

Running: Windows XP
Virus Scan: Symantec Antivirus
Also equipped with: Ad Aware, which says I'm clean now.
Web browser of choice: Mozilla Firefox

Problem: I recently got hit by a bunch of different popups for phoney antivirus programs that keep insisting I install them. Something managed to worm its way into my computer. I ran my antivirus, cleaned out some junk, ran ad-aware, cleaned out more junk, then uninstalled firefox and reinstalled it after cleaning out its folder. Then I did a little looking around the web when popups persisted; I paid attention to the products they kept trying to push on me. One of them was Sysprotect, the other was Winantivirus. I found a solution to the sysprotect stuff on Symantec's site yesterday and cleaned its clock, but I noticed, peculiarly, that only a few of the files that Symantec mentioned existed--possibly because I never let sysprotect install, but that's just a theory. I've been running my computer all day, and finally, around 12:30-1:00 AM, I got hit with another set of Winantivirus popups while browsing through my music folder. I couldn't find a solid solution to Winantivirus just cruising around the 'net--at least, not one that exactly fit my unique situation of having removed--I THINK, at least--most of the components of the worm it was part of. They also described popups that I didn't get.

I need to get this junk off my computer, and I need to be sure I got everything. Please help!

Here'... Read more

A:Solved: Spyware problem; Winantivirus popups

9 more replies
Answer Match 52.5%

Lately I have been getting these Internet Security popups, which I know are spyware. I think my brother got them in this computer by looking into "bad" websites. He's 7 years older than me. I just want to get rid of these popups. I've never seen them until today. Any help is appreciated. Also, really NASTY popups come up very RANDOMLY, almost gets me in trouble. Which is REALLY annoying.
 

A:Solved: Real Nuisance from spyware PopUps.

16 more replies
Answer Match 52.5%

i have a compaq presario with windows XP.

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:56 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscU... Read more

A:Solved: spyware and popups every 2 minutes;hijackthis log

14 more replies
Answer Match 52.5%

Hi there,

I'm hoping someone can help me with the problems I'm having with my computer. From reading another post, I dowloaded and ran HJT and will post the log below. A run down of what's happening... upon turning on my computer a couple of nights ago, popups indicating security alerts, spyware alerts, etc started, slowing the speed of my computer to a crawl. When clicked on, these popups automatically redirect me to internet websites for spyware removal tools, none of which I've downloaded. Please let me know if you need more info.

Edited to add: I'm running Windows XP Professional on a refurbished IBM Thinkpad.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:45 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.ex... Read more

A:Solved: Spyware/Security alerts, popups, and HJT log

7 more replies
Answer Match 52.5%

I have another post on here about my screen turning blue with a warning message and black bugs. I followed the advice on other logs using combo fix and I no longer have the issue with the screen and bugs. I tried to mark the post as Solved but it will not let me. The button is not there.

Now I am having an issue with constant spyware popups and security alerts. My keystrokes are very slow as if someone is watching them or it won't let me type at all. I had a lot of trouble logging into this site. I had to log in about 12 times before it even recognized I was loggin in. Windows Defender tells me my system is running as normal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:18 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe... Read more

More replies
Answer Match 52.5%

Hi basically i have a VERY similar problam to the guy on the link below
http://forums.techguy.org/showthread.php?p=2169121

where after using annti-spyware spoftwares the elite-bar problem keeps on coming back each time i restart my PC.

I have Notorns Internet Security Installed, and now have Spybot S&D, MS ANitiSpyware, and Adaware Personal SE. All seem to find the spyware but none of them seem to stop it coming back.

My Hijack This log is as below:

Logfile of HijackThis v1.99.1
Scan saved at 22:52:16, on 18/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
... Read more

A:Solved: tojan elitebar spyware popups

Download CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows,
Open cwshredder.exe then click "Fix" and let it run.

Print this and boot to safe mode
Fix these with HJT

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\eliteehh32.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1577785...ip/RdxIE601.cab

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\winnt\system32\eliteehh32.exe

START RUN key in %temp% OK - Edit Select all File Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log
 

3 more replies
Answer Match 52.5%

Howdy.

I was referred to these forums from Spyware Warrior. I am hoping that someone here can help with my problem.

I'm sure you will already have heard of this certain annoyance before, but I'll explain the specific symptoms experienced.

For at least 3-4 months, a window has been popping up several times a day that looks like this:

This is the Swedish version anyway. I'm sure you're all familiar with it.

And then after clicking Avbryt (cancel) it pops up with 3 more windows consecutively once one is closed.

This happens basically every time Internet Explorer is opened.

I have browsed the internet to see if I could find any thing to assist with the removal, but came to nothing that didn't have a cost. I've since read that buying these programs really does nothing to assist.

Before posting here I performed both a Spyware and Anti-Virus scan to remove what I could.

Following is my HJT file.

Logfile of HijackThis v1.99.1
Scan saved at 16:09:48, on 2006-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Norton Internet Security\ISSVC.e... Read more

A:Solved: Problems with ErrorSafe spyware popups.

15 more replies
Answer Match 52.5%

My computer has become increasingly slower and slower...the amount of popups I have been getting lately has gone through the roof. I suspect I may have one or many problems with my computer. Is there anybody that would be willing to take a quick peek at my hijack this log? Being a somewhat technology illiterate girl, I don't exactly know how to explain what's goin on on my computer...if anybody needs to know more info just lemme know.

Thanks guys

Logfile of HijackThis v1.99.1
Scan saved at 10:36:58 PM, on 1/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MusicMatch\MusicMatch J... Read more

A:Solved: Popups and Spyware and a Slow Computer

16 more replies
Answer Match 52.5%

Been trying to get rid of this for 2 days now. Opens new windows with various ads, mainly software for virus removal or security protection. When Spybot S&D is run it finds and removes the following Tracking cookies but does not remove the source of the problem.

Advertising.com
Advivia
Avenue A, Inc.
Double Click
Errorsafe
ReliableStats
SystemDoctor2006
Winsoftware

My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:11:55, on 08/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\avgagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\sistray.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\Ti... Read more

A:Solved: Antivirus & spyware popups in Firefox

8 more replies
Answer Match 52.5%

Currently recieved both of the following viruses:

Adservice scanner

Trojan.Downloader.Small.CML

Initially used spyware doctor to remove, but they would keep comming back.

Have used ATF cleaner and Hijack this:

Here is the Hijack this log file info:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:19 , on 2/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\... Read more

A:Solved: Adservice scanner and Trojan DownloaderSmall virus

13 more replies
Answer Match 52.08%

Got infected with Downloader a few months ago and thought I cleared it up and this past Sat when viewing friend's pics on myspace, suddenly bombarded with popups and drastic slowdown of pc, found WinAntiVirusPro (promptly deleted) but there could be more and I don't know enough and want to be sure I clear everything up correctly. I hope someone can help. Here's my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:58 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BroadJump\Cl... Read more

A:Solved: WinAntivirusPro- lots of popups - possibly more spyware

7 more replies
Answer Match 52.08%

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?
 

A:real time spyware spyware scanner? (free)

16 more replies
Answer Match 52.08%

I just reinstalled Win2000 and didn't install anything but motherboard drivers, audio/video. It's picking up the Win32: Trojan-Gen virus on Reboot.exe. I read that Reboot.exe is a necessary file. Any idea why I'm getting this and should I delete?
 

More replies
Answer Match 51.66%

As mentioned in the title my computer has recently been dominated by various spyware. I spent the better part of two days actively reading tech forums and have failed so far, so I figured its time to see if I can get someone to hold my hand through this.

Essentially i've tried AVG 7.5, Trendmicro, and Ad-aware as well as Symantec's fix for Vundo and Virtumonde. Seemingly everything is deleted and cleared until the computer is rebooted and then once again everything has been brought back to life.

I managed to "i think" remove some of the issues however Trojan.Small and Trojan.Dialer.QC remain for sure. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:58 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Mic... Read more

A:Solved: Trojan.Small, Trojan.Dialer.qc and Vundo / virtumonde spyware. + Hijackthis Log

10 more replies
Answer Match 51.24%

Hello All

I have really tried to find an answer looking at others posts but it seems like each persons problem is unique to their computer.

I never had any spyware problems before so I'm unfamiliar with a lot of programs. I have installed, adaware, spybot, avg antispyware, cleanup, win patrol, AntiVir Guard, and windows defender all because I have read other peoples posts. I know I probably don't need all of this but I didn't know what else to do. Also I am not too familiar with registry edits so I know I need to be careful if I have to change anything.

These are my computer's symptoms:

AntiVirGuard pops up 3 to 13 times saying trojan horses are detected what do I want to do? I usually select delete or block.

Then everything is usually ok until I get on the internet after which my computer redirects the sites I type in to a site called Jack9.com this happens every few minutes. Sometimes I get a bunch of popups in rapid succession and it freezes my computer. I have to restart windows explorer or restart the computer when this happens.

I have run every single previously mentioned program several times during startup and safe mode if possible and while they find things....they must be missing something because the problems continue.

I came across HiJack this and I have the log from the program. I am not completely sure what to do with it or if it can help but any assistance anyone can offer would be greatly appriciated. The log is below:
Logfile of ... Read more

A:Solved: Spyware, popups and keeps coming back HiJack this log included Please help

16 more replies
Answer Match 51.24%

Logfile of HijackThis v1.99.1
Scan saved at 12:50:19 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_... Read more

A:Solved: System slowing down and popups for spyware removal constant

10 more replies
Answer Match 50.82%

Hi,
Before I post my problem, I would like to thank everyone who pitches in here to help people affected by these spyware.

Problem: IE / Firefox slows down. Clicking on google waits for ever. Spybot finds a vundu in the scan. It is able to remove it but then next time it finds it again so removal is not permanent. One thing that I would also like to mention is that killing the explorer.exe ( not the IE) makes the system work like normal.

Hijack this log: ( also attaching it)
==========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:42 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\windows\micro... Read more

A:Solved: explorer.exe affected by Vundu. Spyware Attack. Lots of popups

8 more replies
Answer Match 50.82%

Well yeah everyon knows how spyware works,but when it gets to this point,how do you beat it?
 

A:Solved: Spyware popups are showing my IP adress and its gonna get worse!!! PLZ HELP FAST!

16 more replies
Answer Match 50.82%

Hello TSGF,
I caught something-- your help is much appreciated!
-on desktop: "Warning: Spyware threat has been detected on your PC."
-popups, including "Your computer is working slowly",
"Warning: Your computer is infected..., "Click here", etc.
IE pages auto-opening with "Top-rated Spyware Removal..." etc. etc.
-"Task Manager has been disabled by your administrator"
Nothing new for you, yes?
Thank you very much---

My HJT log............

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:20 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2.e... Read more

A:Solved: Task Manager disabled, fake Spyware removal popups, etc.

Update---
I have run and/or am running
AVAST!, Spybot SD, and Ad-Aware,
Was told by "expert" that I have Zlob.trojan and/or smitfraud,
both of which reportedly may be cured via Spybot or Ad-Aware.
But still have same issues affecting:
Task Manager (not available)
Desktop (hijacked with spyware ad)
Toobar (regular ad/warning popups)
IE (regular ad/warning popups)
...please someone help soon--
been waiting for days-- thank you...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:59:41 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explo... Read more

2 more replies
Answer Match 49.98%

I've run Spybot Search and Destroy and Adaware to no avail. Here's my HijackThis! log. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:39 PM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program File... Read more

A:Solved: Winfixer popups and others-Trojan?

7 more replies
Answer Match 49.98%

I am hoping someone here can give me some help in removing a trojan, maybe a few.

Started this morning when AVG popped up telling me an alert, I got 4 of them when I tried accessing my C drive to uninstall the Google Toolbar (which I am not sure is completely gone). The alerts gave these locations when they popped up:

docume~1\Admini~1\Locals~1\Temp\xcbqymfw.dll
docume~1\Admini~1\Locals~1\Temp\htyvttfs.dll
docume~1\Admini~1\Locals~1\Temp\bejtwed.dll
docume~1\Admini~1\Locals~1\Temp\awcbxduq.dll

I cleaned, or tried, to clean out my temp folder, and I got a few that I could not delete due to one being used and the rest (4 files) having an access denied message.

dfse08 - being used by another person or program
df7fb7 - access denied
df75da - access denied
df754d - access denied
df804b - access denied

I also was told I could not delete: removalfile.bat

I am getting warning boxes that pop up usually on every other opening of IE about possible viruses and trojans infecting my computer, and that scanning and running a certain program can fix and remove whatever is infesting my computer. So far I have gotten the warning text and subsequent popups for:

System Doctor
SysProtect
WinAntivirus Pro 2006

I downloaded HijackThis and my log is below. Hopefully I can get some help as this is driving me crazy.

I am running AVG as I am typing this and when it finishes, I'll reply with what it found. Thanks in advance for all the help.

------------------------------------------

L... Read more

A:Solved: Trojan Help/AntiVirus Popups

13 more replies
Answer Match 49.98%

Hi Guy(s),

Norton found 11 threats and successfully (I think) deleted 3 (shown). the other 8 were not deleted:

180Sinstaller.exe
AppWrap[2].exe (deleted)
AUNPS2.dll
bjuebbgghn.exe 9 (deleted)
delc9.tmp
deld3.tmp
m67m.ocx
resCA.tmp
temp.fr 10DB (deleted
unstall.exe
unstall[1].exe

I started to try to delete them manually but "could not access" them.

I have 3 users on my PC with WIN XP Home Edition with all updates current. All users use Outlook and User 1 (me) and 2 have been getting absolutely blank e-mails lately, which we deleted, and then permanently deleted. Related to the issue?

I was running Internet Explorer but installed Firefox when the popups attacked.... to no avail. They still popup - even when nothing is open (they are popping as I write this).

I have 3 "hijackthis" logs, (one each as I logged in to each user) but I don't see how to attach them. Should I just copy/paste all the text?

Oh yeah, While Norton was scanning, a message said something about a Trojan virus, but as I repeated the scan no messages returned. Perhaps it was successful in deleting or quarantining it?

Thanks!

Keely
 

A:Solved: popups galore & a possible trojan

16 more replies
Answer Match 49.98%

Hi,
I have a trojan virus, I performed the following but still can not get rid of the virus or ads. My pc is running very slow as well.
1) Ran Trend Micor Pc-cillin Internet 2007 (did not detect the Trojan virus)
2) Ran HJT (log attached below)
3) Ran ATF Cleaner
I followed the thread from cathio (03-May-2007 12:12 PM - Solved: Need help with Trojan.Adclicker). What do I do next? Could you please review my log and see what I need to delete. How do I also get rid of Ultimate Fixer.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:25:28 AM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files... Read more

A:Solved: Trojan virus, popups and ads

9 more replies
Answer Match 49.56%

Hello everyone,
I was searching the net about sitypnow and found this forum. I saw the sitypnow entry in my hijackthis log and decided to investigate.
Recently i were experiencing some popups, internet slowdown and reconnections.
I have NOD32 as my antivirus and it was detecting the following entries every couple of hours:

10/2/2007 14:10:45 PM AMON file C:\Documents and Settings\Ilya\Local Settings\Temporary Internet Files\Content.IE5\4J9JMMB5\bobik[2] probably a variant of Win32/BHO.G trojan quarantined - deleted DESKTOP1\Ilya Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

10/2/2007 14:10:42 PM AMON file C:\DOCUME~1\Ilya\LOCALS~1\Temp\yiukkinw.dll probably a variant of Win32/BHO.G trojan quarantined - deleted DESKTOP1\Ilya Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

10/2/2007 14:10:35 PM IMON file http://82.98.235.78/cc/bobik.dll?ui...7FEFFFF&guid=5DDD5CEC9DE44F4082C7819539520460 probably a variant of Win32/BHO.G trojan DESKTOP1\Ilya

I did a spybot s&d scan and an Ad-AwareSE scan and the problem persists.

Hijackthis log attached.

Thanks for the help in advance!
 

A:Solved: sitypnow, popups, bobik.dll, bho.g trojan?

10 more replies
Answer Match 49.56%

Hi--

I have a problem similar to http://forums.techguy.org/security/4...fo-popups.html but not exactly the same. These popups from outerinfo come without warning on my computer, one every 8 minutes or so.
I downloaded and installed Webroot Spy Sweeper, and did a custom scan with everything enabled (including sweeping the system restore files). Here is a log since Friday:

10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
10:39 AM: ApplicationMinimized - EXIT
10:39 AM: ApplicationMinimized - ENTER
10:38 AM: Your virus definitions have been updated.
10:38 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
10:38 AM: Your definitions are up to date.
10:37 AM: ApplicationMinimized - EXIT
10:37 AM: ApplicationMinimized - ENTER
10:34 AM: ApplicationMinimized - EXIT
10:34 AM: ApplicationMinimized - ENTER
10:33 AM: Removal process completed. Elapsed time 00:00:02
10:33 AM: Quarantining All Traces: zedo cookie
10:33 AM: Quarantining All Traces: serving-sys cookie
10:33 AM: Quarantining All Traces: bs.serving-sys cookie
10:33 AM: Quarantining All Traces: atwola cookie
10:33 AM: Quarantining All Traces: atla... Read more

A:Solved: Popups and Trojan (Purityscan and Outerinfo), Please help!!!!

12 more replies
Answer Match 49.56%

I am getting popups about [email protected], [email protected], Spyware.Cyberlog-X. I alos have two Iconson my desktop - Live Safety Center and Online Security Guide. I get sites coming up on IE almost everytime I close a page. And I know this started from a downloder program.

Here is my HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:48 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\EPOAgent\naimas32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\DELLMMKB.EXE
C:\EPOAgent\naimag32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.e... Read more

More replies
Answer Match 48.72%

Hello, My computer started giving me problems a week or so ago in the form of popups while online, it also slowed way down. At one point I could hardly access websites. At the time I was using the windows firewall,AVG 8.0(which I have since learned is pretty lousy compared to the older versions),and Adaware 08.I did much research and scanned with Kaspersky online scanner. It found several variants of win32monder.(YQ,MX,YS,YO,YN) , and Email worm win32.tantos B. Adaware found win32virtumonde.yeb,and win32ezula.ak
I have since got rid of AVG and installed Avast. I also got rid of Adaware and installed Spywareblaster and Spybot S&D and switched to the Zonealarm firewall. I still have these problems but not as severe.
I am now in need of someone much more educated in these matters than I am to remedy my problems. Any help would be greatlly appreciated, Thank you.

Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-04 19:15:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-04 19:18:00
Platform: Windows... Read more

A:[SOLVED] Comp. slow with popups, Trojan win32monder

bump. no help yet

10 more replies
Answer Match 48.72%

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:22:36 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Documents and Settings\Mark\Desktop\james stuff\cureit.exe
C:\DOCUME~1\ADMINI~1.MKB\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\ADMINI~1.MKB\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Documents and Settings\Mark\Desktop\james stuff\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3... Read more

A:Solved: popups/redirect -trojan.adclicker - hjt and sdfix

16 more replies
Answer Match 48.3%

a few days ago, while browsing online, an error message came up saying that norton has encountered an error and the computer must restart. so i restarted the computer and then when i opend up the internet, many popups came up (popups such as antivirus 2009 and ads to buy products) and i couldn't even navigate because the website would just change. there was also an icon of the red windows shield in the icon tray on the bottom right giving off notices that '___ virus has been encountered on your computer, click here to fix it", but i did NOT click there because i suspect it to be a component of antivirus 2009. also, there was a desktop shortcut about porn, and whenever i tried dragging it into the recycle bin, it kept on coming back. eventually, after 5 tries, it finally went away. i got help in the 'am i infected? what do i do' forum. we did many scans, but the same 5 infections keep on coming up in mbam, and mbam will not update. heres a link to the thread:http://www.bleepingcomputer.com/forums/t/190994/trojan-vundo-popups-antivirus-2009-windows-defender/i was advised to post a log in this forum. here it is. and i really appreciate all the help. thank you so much:DDS (Version 1.1.0) - NTFSx86 Run by Ownder at 15:13:18.71 on Sun 01/04/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.257 [GMT -5:00]AV: Norton 360 *On-access scanning enabled* (Updated)FW: Norton 360 *enabled*============== Running Processes ===============C:\WI... Read more

A:Trojan Vundo, popups, rootkit problem, have many popups, norton 360 won't open but still enabled

Hello and welcome to BC forums.As I'm sure you have noticed, the HJT forum is super-busy. If you still have issues, please do the following. And if you have resolved the problem, Please reply to advise us of that.Has Norton 360 always been installed on this system, since day 1? and why do I think you misght only have had it installed in late December ? and why did I not see it listed as active?You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!These steps are for member srk_fan22 only. If you are a lurker, do NOT try this on your system! If you are not srk_fan22 and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use!Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from here: http://cid-6aaab341ce47c5c2.skydrive.live....FixPolicies.exe Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box ... Read more

34 more replies
Answer Match 48.3%

Hi, I have a Dell Inspiron 6400 laptop running XP (SP2) and IE7 which seems to have been infected with a trojan called Vundo. I have real-time virus scanning via McAfee and it leapt into action last weekend with a series of red 'critical system change' messages when I must have stumbled on a hacked webpage.

Initially nothing appeared to be wrong but the next day I noticed that the 'Security Centre' was giving me a red alert shield to tell me that automatic Windows Updates were turned off (and it couldn't turn them back on from the balloon that comes up) but when I looked into it via 'Control Panel' the Windows Updates were set to 'automatic'. Later on McAfee alerted me that it had found an removed a Trojan called 'Vundo' (about 8-9 instances of it) but it obviously hadn't because when I next switched on, it detected and 'removed' them all again. I have run AVG, Malwarebytes' Anti-Malware and Laversoft Ad-Aware which all found several infected files on different scans and they seemed to fix the issue I was having with the security centre and also a couple of error messages I had on start up.

Initially my net access was slowed to a crawl and the trojan was also bringing up a series of popups on my main IE browser window trying to encourage me to click on fake virus scan installers but these seems to have mainly stopped (and my net access is now at normal speed), however I'm still getting random ... Read more

More replies
Answer Match 48.3%

Hey guys, i've seen on the forum that many people has problems with the trojan.vundo. So hopefully you can help me too. I basically tried everything from Symantec to remove it but nothing successfull. Here is my Highjack this log:

Deckard's System Scanner v20071014.68
Run by Francois on 2007-11-30 13:32:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Francois.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:25 PM, on 2007/11/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symant... Read more

A:[SOLVED] Trojan.vundo, Constant Popups and slowed system.

bump!

16 more replies
Answer Match 48.3%

Two days ago I was graced with the gift of having the Virus Scanner 2008 malware infection. After pulling my hair out for several hours I finally got rid of that, or so I thought. The initial infection would not allow me to update windows or my anti virus software or go to any website pertaining to the malware. I got past that and I am not getting those pop ups any longer but am still receiving other pop ups. I use firefox browser and the pop ups are IE and they are random. I have scanned with malwarebits and ad aware and also ran a deep system scan with my Anti virus software Bit defender. I cannot seem to find the culprit. Here is my HJT log and thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:17 AM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOW... Read more

A:IE popups after Virus Scanner 2008 infection

Bumping for some help
 

1 more replies
Answer Match 48.3%

Hello! Thanks in advance for any help you guys can offer.

My computer is having all kinds of problems all of a sudden.

1. I had a fake virus scanner spyware popping up all week but I haven't seen it for a couple of days now.

2.The Windows Vista security service has been disabled and cannot be started.

3. Most annoying part of all is I'm getting sounds of people talking on my computer. It sounds like movie scripts or interviews or something. These sounds continue even when I close every open window.

4. I use Firefox but internet explorer randomly pops up with ads. Google image search doesn't work all of a sudden. Instead of pages of results, I just get blank white pages.

5. I downloaded Spybot S&D and can get it to run in the task bar but when I want to run the actual program, I get the "stopped working" message every time.

6. Malware Bytes works just fine for quick scans but the full scan always crashes at some point. In addition to that, I can't update it. When I go to the update tab, it finds an update, downloads it and then says the program will now close and install the update. The program closes but nothing happens after that.

7. I now have some program file called "net.net" that tries to run every time I turn on the computer. I can't remember the exact error message but I believe it's the message that wants me to find a program to associate with this file type.

8. I cannot run GMER as per the instructions for creating ... Read more

A:Fake scanner, popups, hearing voices

Note - I noticed someone else has a very similar problem to me. I read through his thread and downloaded ComboFix but had a problem disabling Norton360 and Spybot Search and Destroy. There aren't any icons in the system tray. Where else can I go to disable these programs?

Edit - I will also uninstall Limewire.

19 more replies
Answer Match 47.88%

The Online Kaspersky scanner I used has found Trojan-Spy.HTML.Fraud.gen & Trojan.JS.Redirector.b but I really don't know what to do now. I've been trying to take bits and pieces of the information I've found on related posts but nothing seems to work. I almost feel now that personalized attention is my best bet. If anyone with the ability to assist me could help me I'd truly appreciate it. The online Kasperky scan results are as follows:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 24, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 24, 2009 06:43:12
Records in database: 2524312
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 93217
Threat name 2
Infected objects 35
Suspicious objects 8
Duration of the scan 03:09:24

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\Users\1\Front\1\M0000004630.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\Users\1\Front\1\M0000005939.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee ... Read more

A:Online Kaspersky scanner found Trojan-Spy.HTML.Fraud.gen & Trojan.JS.Redirector.b

Your log looks like it is seeing quarantined McAfee files. Let's start with malwarebytes and go from thereThe process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a mes... Read more

11 more replies
Answer Match 47.88%

I must apologize in advance, I am not very computer savvy, but something happened to my computer and now there are pop ups everywhere!

I have done everything in the 5 steps outlined in the sticky.

A few notes: Panda ActiveScan will not run for me. It says there are errors on the page when it gets to the part where I could click for it to scan my computer. I think I may be having a javascript issue?

Ad Aware SE, when running the Lavasoft VX2 Cleaner says the following message: Possible New Variant Found. Please submit the file file contained in C:\vx2logs.txt for anslysis.

The log says:
Posssible new VX2 variant file:
C:\WINDOWS\system32\irpol5731.dll

While posting this, these are an example of the popups I am getting:

http://www.mediapurchases.com/normal/yyy65.html

http://www.health-yshopping.com/normal/yyy65.html


http://www.blow-outsales.com/normal/yyy65.html

http://www.realcoupon-s.com/normal/yyy65.html

I'm not sure what other info to post, other than I'm *thisclose* to wiping and reinstalling, except I have pictures of my kids uploaded that I had not burned to CDrom yet, and I would be devastated to lose them. Please let me know if you require any more info from me.

Here's the Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:43 PM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.e... Read more

A:y65.html popups, virus scanner popups, possible virus?

Hi and welcome to TSF

I'm Jet Ian, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

We also recommend that you Subscribe to this thread so that when I or the other experts replied, you will get an email notification. To do this: Click on then and make sure you set it to Instant notification by email.

19 more replies
Answer Match 47.88%

I was running Norton Internet Security, however the subscription ran out so I decided to switch to AVGs free version. Problems started happening immediately after uninstalling norton. I get a fake virus scanner that pops up. Google chrome is redirected any time I try to load a page. I'm unable to load task manager(its missing from the options when I hit ctrl+alt+del)I've run avg in both normal and safe mode. It removed CRYPTIC.HO and now the scans come up clean, but I'm still having the browser redirects and the fake virus scanner pop up.When attempting to run gmer my comp crashes to a BSOD (attempted to run 3 times and once in safe mode.)DDS (Ver_10-03-17.01) - NTFSx86 Run by Colton at 17:24:35.93 on Thu 04/29/2010Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2045.919 [GMT -7:00]SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exec:\windows\system32\svchost.exe -k dcomlaunchc:\windows\system32\svchost.exe -k rpcssc:\windows\system32\svchost.exe -k localservicenetworkrestrictedc:\windows\syste... Read more

A:browser hijacked, fake virus scanner popups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Answer Match 47.88%

I got this Total Security virus that shows up as a fake windows warning that you're computer has a virus and needs a virus scan. I thought I've figured out how to remove it, by stopping the process and running Malwarebyte's Anti Malware software but it comes back like 4 times now and I have to do the removal process all over again. I've also been having more popups lately.

Thanks for your help.

DDS (Ver_09-09-24.01) - NTFSx86
Run by Nancy at 19:43:26.64 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.385 [GMT -7:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX... Read more

A:Total Security fake virus scanner and other popups

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.*If you have since resolved the original problem you were having, we would appreciate you letting us know. *If not please perform the following steps below so we can have a look at the current condition of your machine. *If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.**If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.----------------------------*-------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is ne... Read more

15 more replies
Answer Match 47.88%

Computer gone mad. I had to close 46 IE browser windows last night and 54 this morning. All say 'your computer is infected' 'scanning now' or something to that efffect. Can't figure out how to fix this. Please help. I am posting the Kasperky scanner report first, then the Hijackthis report.--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, January 20, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, January 20, 2009 01:39:51 Records in database: 1650775--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - My Computer: C:\ D:\ H:\ M:\ N:\ T:\Scan statistics: Files scanned: 82941 Threat name: 5 Infected objects: 6 Suspicious objects: 0 Duration of the scan: 04:40:48File name / Threat name / Threats countC:\Deckard\System Scanner\backup\DOCUME~1\PAULA~1.TRE\LOCALS~1\Temp\e.exe Infected: Packed.Win32.NSAnti.ev 1C:\Deckard\System Scanner\backup\DOCUME~1\PAULA~1.TRE\LOCALS~1\Temp\_A00F378699.exe Infected: Packed.Win32.NSAnti.ev 1C:\Program Files\iWin Games\iWinGamesHookIE.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1C:\... Read more

A:antiviral popups won't stop- used kapersky scanner and hijack this

"Welcome to BleepingComputer.com"I'm Deacon10 or Larry if you prefer and will be working with you to resolve your problems. I am reviewing your log which requires an amount of research, so please be patient. Just a few notes I tell everybody I work with:Please reply to this thread. Do not start a new topic.If you have any questions or don't understand something please stop and ask before you proceed.Please set aside enough time to complete all the steps in each post and follow these instructions in the order stated. Please don't run any extra "scans or fix" programs not requested by me, it could change the results in the reports I request.If you have circumstances that you are aware of that will delay your response, then please let me know. This is to insure that your topic remains open. Please continue here with me until I tell you your system is free from malware.
Just because a symptom disappears does not mean your system is clean.The following fix is specifically designed for this users post and this machine only!

3 more replies
Answer Match 47.46%

Hello again,

Im hoping you can help me at least eliminate a possible problem...heres my situation...I have DSL and for the past few days my connection just knocks me off and it will change my IP addy so that I cant make any kind of internet connection until I log off and reset my modem etc etc...now I just had a yahoo tech out today to check my modem and line...which all seemed to be ok...so the tech proceded to tell me that could be caused by possbile spyware.trojan issues....so I proceded to run every spyware anti virus program I have and start scanning....I did have some malware and some thing called a winhook ? which Im not really sure what that is....long story short....I fixed all the problems I had come up on the scans....created new restore points and Im still having the same problem with my DSL connection...so I come to you to see if theres something you can see that I couldnt that could possibly be causing me to have these DSL issues....attached is a copy of my hijack scan.....a brief scenario of my scans included....norton AV....webroot spy sweeper....Ad-Aware...updated spyware blaster....trend micro house calls..ran ccleaner and also spybot....so I did cover some ground but then theres the chance I didnt get it all....thank you in advance for looking at my hijack scan and your time...

Mike

Logfile of HijackThis v1.99.1
Scan saved at 9:22:02 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running... Read more

A:Solved: Spyware/trojan help please

Just thot I would add this scan from spy sweeper.....
3:15 PM: Traces Found: 18
3:15 PM: Full Sweep has completed. Elapsed time 00:49:41
3:15 PM: File Sweep Complete, Elapsed Time: 00:44:06
3:15 PM: Warning: Failed to access drive E:
3:15 PM: Warning: Failed to access drive D:
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\oo\quick mp3 wav convertor v3[1].0-brd.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\oo\quick mp3 wav convertor v3[1].0.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\oo\quick mp3 wav convertor v3[2].0-brd.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\zz\spyware doctor 3[1][1].2.1.359.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\ll\hypercalendar 2 v2[1].37 only.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\mm\spyware doctor v3[1][1].2.1.359.". The operation completed successfully
3:15 PM: Warning: Failed to open file "c:\documents and settings\paz\paz2\pazzz\nn\ad-aware se profesional v1[1][1].06.". The operation completed successfully
3:13 PM: Warning: Failed to open file "c:\documents... Read more

2 more replies
Answer Match 47.46%

I have the trojan on my PC and am getting all the popups etc.
Having read some threads on this subject I have run HJT and the list is below along with an uninstall list. Can someone tell me what i need to do to delete this thing please

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 03:07:57, on 22/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI... Read more

A:Solved: Spyware/Trojan help please someone

12 more replies
Answer Match 47.46%

A search bar appeared at the bottom of the screen (unable to remove), recieving ads and pop-ups, McAfee unable to run, can't pull up task manager.. .
Computer having trouble starting and shutting down..a few minutes earlier mcAfee had deleted a trojan.. how can the problem be fixed?...
 

A:[Solved] Help~Trojan/Spyware??

15 more replies
Answer Match 47.46%

I know a lot of guys are facing this issue..I desperately need help as this spyware trojan thing is driving me crazy. It keeps opening pop up windows with message "Cannot access Server" and open different kinds of security pages in IE. have tried different kind if anti-spware software without any help. I think its the strcodec folder with files isamonitor.exe and isamini.exe which are causing issues. Cant end these processes as usual. I have downloaded Hijackthis and have run a scan. The logfile is attached as below.

Logfile of HijackThis v1.99.1
Scan saved at 9:24:31 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\strCodec\isamonitor.exe
C:\Program Files\strCodec\pmsngr.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\strCodec\isamini.exe
E:\VIRTUA~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\strCodec\pmmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDO... Read more

A:Solved: Please Help..Trojan spyware

7 more replies
Answer Match 47.46%

Hi I have an unusual problem. Ok the story is, in my country, we pay almost 800% more for bandwith than any other country in the world. So to cut a long story short, I am on a pay per gig system as it works out most economical for me.
Now you can imagine that the guys here have all kinds of bandwith monitoring apps.
My problem is, one of my pc's are eating up bandwith without me even doing anything. It can just be on and running and the meter goes up. (using my ISP's website which gets the stats from the backbone directly, as well as an app that also connects to the backbone)
I have a PPPoE setup. 3 pc's on a LAN connecting through a router.
I think I might know which pc it might be. Now the strange thing is this. I have run Ad Aware, Spybot, Ewido, Trend Micro Online, have Spyware Guard, Spyware Blaster, Windows Defender and Zone Alarm installed. As well as AVG Free. According to all of those my pc's are all squeaky clean. But still the bandwith leak.
From just browsing and emails (not big files) I average 60mb - 150mb a day. Which is impossible as I am not even here 50% of the day.
How can I figure out what is going on? I have run netstat -b from command line and as far as I can tell it is all just local network traffic.

Could anyone please help, as even my ISP says it must be an internal network problem.
 

A:Solved: Spyware, trojan or what?

Is this maybe posted in the wrong section?
 

3 more replies
Answer Match 47.46%

Hello.

I've been reading here for a some days, and decided to register because although others here seem to have had similar problems like me, they were a bit different so wasn't sure what to do.

Some days ago I discovered that I had trojans on my computer. At that time I had an outdated version of Norton Internet Security 2005 (definitions etc. was up-to-date atleast). According to Norton their names were trojan.zlob and trojan.nebuler.
Image of what it didn't manage to remove:
http://img88.imageshack.us/img88/7591/trojannebuler5ec.jpg

I also noticed small programs had been installed without me knowing it, for example one called 'Cowabanga by OIN', which I removed once or twice. (it's still in the registry however)

Internet Explorer got hijacked, popping up ads and when I tried to enter Windows Update I got this: http://img136.imageshack.us/img136/1051/fakemaybe8fu.jpg
I have been using Mozilla Firefox for some time, haven't noticed anything there.

The programs I have now are CWShredder, Ad-Aware SE Personal, Spybot - Search & Destroy, Ewido anti-spyware, X-cleaner and Panda Platinum 2006 Internet Security (trialware).
I also have Spyware Doctor and Xoftspy, these seem to find the most infected files, but both are trialware and I can only scan, I can't remove the stuff.
Here's what Spyware Doctor found yesterday:
http://img134.imageshack.us/img134/1581/trojanskvar6md.jpg

Xoftspy found a bunch of stuff called WinPCap or ... Read more

A:Solved: got a trojan/spyware, please help

Hi, Welcome to TSG!!

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

3 more replies
Answer Match 47.46%

I can't get rid of CiD popups which is drastically slowing my pc down but I think there is something more serious on my pc form my kids using msn messenger can anyone help I have scanned with HijackThis so that someone can give me feedback, please, please, please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:26, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\P... Read more

A:Solved: Please Help Trojan/Spyware

16 more replies
Answer Match 47.46%

Okay, ran Ewido and webroot scans, ran ewido in safe mode, still not able to remove all of

this spyware. (little ? icon on tray with popups that directs me to their 'antispyware' page.)

Here is my Hijack log, and my Ewido log which I ran in safe mode. Please help when u can, thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 9:14:08 AM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.c... Read more

A:Solved: trojan, spyware etc.

10 more replies
Answer Match 47.46%

I have been infected with the spyware VirusBurst.

I followed the instructions to remove this trojan fom a forum here.

I downloaded roguescanfix_setup.exe from the link provided and carried out the bruteforce uninstaller. I also downloaded smitRem.exe and extracted the files. I restarted in safe mode and ran the "runthis.bat" file in the extracted folder. The desktop went blank for a quick moment and recovered. I still have a pop-up showing:
 

A:Solved: Trojan SPM/LX from spyware

14 more replies
Answer Match 47.46%

Hi..
My computer is infected with spyware most probably...when i open IE, it takes me to http://www.topsecuritysite.com/ page... Also, there is this weird icon in my system tray which says that my computer is infected with a virus and to click it.... I have pasted my HJT log file...... Please Help...

Logfile of HijackThis v1.99.1
Scan saved at 2:14:09 AM, on 19/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\atmclk.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
D:\Program Files\Athan\Athan.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\IMT Labs Messenger Plugin\Cloud.exe
D:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Common Files\PCSuite\DataLayer\Da... Read more

A:Solved: Spyware/Trojan..Please Help!!!

16 more replies
Answer Match 47.04%

Not sure how we got this stuck on our system. Have tried Adaware and Symantec AV to fix with no luck. Read several of your previous posts and have run HJT. The log file is below. Any help will be greatly appreciated. Seems this trojan is affecting many folks.

Logfile of HijackThis v1.99.1
Scan saved at 3:22:04 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\Sym... Read more

A:Solved: Spyware trojan attack PSW.x-Vir

10 more replies
Answer Match 47.04%

Hi Guys,
I have a trojan disguised as iVideoCodec 3.0 installed on my computer.
I have cleaned using all the programs currently at my disposal.
I have quanantined some, but it keeps generating pop up windows.
Please advise me on how to completely get rid of it...

Many thanks for your time,
Dean
Here is my hi-jack this log :
Logfile of HijackThis v1.99.1
Scan saved at 09:55:39, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORT... Read more

A:Solved: Please help - Spyware / Trojan / Pop ups = Problems

16 more replies
Answer Match 47.04%

PLEASE READ ENTIRE SCENARIO IT'S A BIT WORDY!

PC is an emachine 2.2 Ghz P4 processor w/ 512K RAM, 2 40G hard drives running XP Home. IE started to low to a crawl. Installed AVG and Zone alarm. AVG does not see these viruses and spyware. Adaware SE personal & Spybot S&D see some, not all. Those last to programs look as if they remove the ones they see but they return later.
Trend Micro's PC-cillin Housecall sees thhem all but cannot remove the stubborn ones.
some examples are: Gator, Hotbar, the Trojan's are Id'd as Trojan_Z by Housecall. Any ideas will be appreciated. Sorry for yelling it's driving me nuts.
 

A:Solved: Trojan/Spyware on friends PC

7 more replies
Answer Match 47.04%

i've all ready ran hijack this this it what i have but what do i do from here? (i'm pretty new at spyware removal so please be patient)
 

A:Solved: HELP! spyware on computer trojan spm /lx

11 more replies
Answer Match 47.04%

These got by Norton and have kicked my butt. Norton's fix was useless.. Discovered your site; ran VondoFix and Hijack This. I've blocked the pc from the internet via my router right now. I let HJT fix a few obvious things, but I'm getting out of my league. Can someone please help?
Regards,
Apalachi
Logfile of HijackThis v1.99.1
Scan saved at 6:56:13 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Progress\bin\AdmSrvc.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\jview.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Progress\jre\bin\jre.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\... Read more

A:Solved: Trojan Voundo and other Spyware. Please help.

9 more replies
Answer Match 47.04%

I was reading an article on ESPN.com when my Avast anti-virus software came up with 4 virus alerts in succession. As suggested by the software, I moved the files to the virus chest. According to the log, the viruses were:

Win32urityScan-Q[Trj]
Win32:Trojano-2873 [Trj]
Win32:Adware-gen [Adw]
Win32: Adloader-KH [Trj]

Not sure if it matters, but all 4 hit at 11:59 PM on my system clock. After this, some sort of supposed spyware protection software was installing on my machine (I don't remember the name of the program -- I terminated the installation immediately)

In the last 90 minutes, I've had about a dozen IE popups and 2 other virus alerts from Avast, both Win32:TratBHO [Trj].

Any suggestions? Thanks in advance for any help. Below is my HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:30 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Appl... Read more

A:Solved: Trojan attacks & IE spyware/pop-ups

14 more replies
Answer Match 47.04%

I noticed that I had some kind of Spyware/Trojan since IE gave me random popups from a specific site (can't remember name, outer something) together with an IE Phising Filter popup. I also couldn't run HouseCall no matter which browser I used.
I went into the IE settings and could see one site allowed in the popupblocker, *.starsdoor.com, which I removed, also set all security levels to highest since I don't use the browser.

I also ran CCleaner, removed everything it requested and also found 3 weird starting processes, which I googled and found out they were trojans. Can't remember the names.
I'm unsure if I successfully removed the Trojan, but I'm pretty sure I made it unable to run properly. However, please check this log since I can't comprehend it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:59, on 2007-10-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files... Read more

A:Solved: Help to Remove Trojan/Spyware

6 more replies
Answer Match 47.04%

My system lately has run slowly and i have been getting several popups, mostly from aurora part of the abi network. microsoft antispyware, adaware se, and spybot search and destroy (all updated) tell me i have multiple harmful entries, but they do not really remove the problem, though the log says they do. My hijack this log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 3:36:13 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Logfile of HijackThis v1.99.1
Scan saved at 3:36:13 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\fzhyse.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\JACOBN~1.JAK\LOCALS~1\Temp\1125A.exe
C:\Program Files\AIM95\ai... Read more

A:Solved: spyware and trojan problems

13 more replies
Answer Match 47.04%

I am having trouble with pop up ads. I have run several different scans that have stopped some of the problem but I still have pop-ups.

Here is my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:50 AM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ps2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program ... Read more

A:Solved: Spyware, trojan problems

10 more replies
Answer Match 47.04%

I believe I am infected with this Trojan SPM/LX from spyware/winantiviruspro2006.
Here are my smitfraud & HJT logs (I hope I haven't jumped the gun)
SmitFraudFix v2.100

Scan done at 14:07:31.37, 29/09/2006
Run from C:\Documents and Settings\Dino\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\
C:\WINDOWS
C:\WINDOWS\system
C:\WINDOWS\Web
C:\WINDOWS\system32
C:\WINDOWS\system32\LogFiles
C:\Documents and Settings\Dino
C:\Documents and Settings\Dino\Application Data
Start Menu
C:\DOCUME~1\Dino\FAVORI~1
Desktop
C:\Program Files
Corrupted keys
Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="Abou... Read more

A:Solved: Trojan SPM/LX from spyware/winantiviruspro2006

13 more replies
Answer Match 47.04%

I think someone got on my computer and downloaded a bunch of infected programs, because now i can barely log in without being bombarded with ie pop-ups saying i need certain removal software.

One major thing i saw was Magicantispy, and various processes i havn't seen before randomly running.
I don't know if this has anything to do with it but, i can't seem to see the control panel box. It opens, but i think it opens off-screen, since it's in the start bar.Fixed this problem

Any help would be greatly appreciated.
 

A:Solved: Spyware/Trojan removal help.

9 more replies