Tech Problem Aggregator

WinAntiVirusPro - 5 steps completed

Q: WinAntiVirusPro - 5 steps completed

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tom Roach.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom Roach\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Tom Roach.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: NetStar BHO - {0B7C598E-0DB8-4B64-B521-2F4872D5CAA5} - C:\netstar\bho\NetStarBHO.dll
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - C:\Program Files\Tdipkpan\jpsoaown.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\rqrqppq.dll
O2 - BHO: (no name) - {F18DA700-D6F0-4F52-83DF-DC49AEB4477C} - C:\WINDOWS\system32\ssttr.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bksdbptt.dll",sitypnow
O4 - HKEY_LOCAL_MACHINE\..\Run: [jofqrcto] rundll32.exe "C:\Program Files\jofqrcto\rspetgpo.dll",Init
O4 - HKEY_LOCAL_MACHINE\..\Run: [gjyxknan] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gjyxknan.dll"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkad.dll,startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: HTTPS://www.mbnetstar.com (HKEY_LOCAL_MACHINE)
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - http://207.184.38.65/apps/common/inc...NFIG-CHECK.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AF4075E-D0A2-40FF-9918-0BC7C5E88F51}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\system32\antiwpa.dll
O20 - Winlogon Notify: rqrqppq - C:\WINDOWS\system32\rqrqppq.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\system32\wingdm32.dll
O23 - Service: Dell 1100 Status Monitor Service (Dell1100_FUService) - Unknown owner - "C:\Program Files\DELL\Dell Laser Printer 1100\LocalSM\ssmsrvc /Service
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Dell1100_FUService (Dell 1100 Status Monitor Service) - "c:\program files\dell\dell laser printer 1100\localsm\ssmsrvc /service (file missing)
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-01 and 2007-10-01 -----------------------------

2007-10-01 10:36:21 0 d-------- C:\Program Files\Trend Micro
2007-10-01 10:25:28 0 d-------- C:\Program Files\SpywareBlaster
2007-10-01 10:22:11 0 d-------- C:\ie-spyad_zo
2007-10-01 10:17:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-01 09:55:42 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-01 09:35:10 87104 --a------ C:\WINDOWS\system32\vahylvrc.dll
2007-09-29 13:11:45 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Leadertech
2007-09-29 13:05:14 0 d-------- C:\WINDOWS\system32\vldpmvww
2007-09-29 12:52:18 0 d-------- C:\WINDOWS\network diagnostic
2007-09-29 12:39:03 0 d-------- C:\WINDOWS\pss
2007-09-29 12:36:31 0 d-------- C:\Program Files\SecCenter
2007-09-29 12:36:30 0 d-------- C:\Program Files\Tdipkpan
2007-09-29 12:36:30 114688 --a------ C:\Documents and Settings\All Users\Application Data\gjyxknan.dll
2007-09-29 12:36:28 0 d-------- C:\Program Files\jofqrcto
2007-09-29 12:35:32 15360 --a------ C:\WINDOWS\system32\drvkadr.dll
2007-09-29 12:35:32 104448 --a------ C:\WINDOWS\system32\drvkad.dll
2007-09-29 12:35:14 36352 --a------ C:\WINDOWS\system32\tuvtqpo.dll
2007-09-29 09:43:45 84032 --a------ C:\WINDOWS\system32\bksdbptt.dll
2007-09-28 12:13:45 69184 --a------ C:\WINDOWS\system32\kspqpyjm.dll
2007-09-28 03:35:03 75328 --a------ C:\WINDOWS\system32\kgtimvwl.exe <Not Verified; ; DDC>
2007-09-27 16:02:27 0 d-------- C:\Program Files\Common Files\Download Manager
2007-09-26 16:00:34 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Tenebril
2007-09-26 15:55:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-26 15:53:18 0 d-------- C:\WINDOWS\system32\tenarchlib
2007-09-26 15:53:18 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2007-09-26 12:57:33 0 d-------- C:\Program Files\Alwil Software
2007-09-25 03:33:31 2001229 ---hs---- C:\WINDOWS\system32\rttss.bak2
2007-09-24 17:07:18 1165 --a------ C:\WINDOWS\mozver.dat
2007-09-24 15:33:24 2027891 ---hs---- C:\WINDOWS\system32\rttss.bak1
2007-09-24 15:32:52 244832 --a------ C:\WINDOWS\system32\ssttr.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\yayvtut.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\fccdbxv.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\cbxxxwx.dll
2007-09-24 14:31:35 21504 --a------ C:\WINDOWS\system32\wingdm32.dll
2007-09-24 14:31:31 44054 --a------ C:\WINDOWS\system32\rqrqppq.dll
2007-09-24 14:27:44 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\WinRAR
2007-09-24 14:18:11 60928 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; antiwpa-user32>
2007-09-24 12:01:26 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Mozilla
2007-09-18 03:00:25 0 d-------- C:\Program Files\MSXML 4.0
2007-09-17 11:35:38 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Ahead
2007-09-17 11:35:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-17 11:33:38 0 d-------- C:\Program Files\Nero
2007-09-17 11:33:38 0 d-------- C:\Program Files\Common Files\Ahead
2007-09-17 11:33:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-17 11:33:00 0 d-------- C:\WINDOWS\RegisteredPackages
2007-09-17 11:16:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-15 15:02:46 0 d-------- C:\Program Files\uTorrent
2007-09-15 15:02:40 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2007-09-29 13:12:49 0 d-------- C:\Program Files\Online Services
2007-09-29 13:12:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-29 12:33:11 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-29 09:52:49 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-27 16:02:27 0 d-------- C:\Program Files\Common Files
2007-07-06 13:37:31 34 --a------ C:\WINDOWS\system32\BD2040.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B7C598E-0DB8-4B64-B521-2F4872D5CAA5}]
12/20/2006 04:15 PM 36864 --a------ C:\netstar\bho\NetStarBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{534A3E28-2B67-5797-55C6-08628A7497AD}]
09/29/2007 12:36 PM 114688 --a------ C:\Program Files\Tdipkpan\jpsoaown.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
09/24/2007 02:31 PM 44054 --a------ C:\WINDOWS\system32\rqrqppq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F18DA700-D6F0-4F52-83DF-DC49AEB4477C}]
09/24/2007 03:32 PM 244832 --a------ C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 02:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 02:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 02:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 07:14 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 07:15 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 AM]
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [09/29/2007 12:36 PM]
"SearchIndexer"="C:\WINDOWS\system32\bksdbptt.dll" [09/29/2007 09:43 AM]
"jofqrcto"="C:\Program Files\jofqrcto\rspetgpo.dll" [09/29/2007 12:36 PM]
"gjyxknan"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\gjyxknan.dll" []
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [11/19/2003 08:47 AM]
"CTDrive"="C:\WINDOWS\system32\drvkad.dll" [09/29/2007 12:35 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\rqrqppq.dll [09/24/2007 02:31 PM 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll 09/24/2007 11:08 AM 60928 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqppq]
rqrqppq.dll 09/24/2007 02:31 PM 44054 C:\WINDOWS\system32\rqrqppq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll 09/24/2007 02:31 PM 21504 C:\WINDOWS\system32\wingdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssttr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-01 10:40:52 ------------

A: WinAntiVirusPro - 5 steps completed

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Answer Match 72.24%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run...

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer"...

Answer Match 72.24%

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation


-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Awar...

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.
Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot Fix
Right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ...

Answer Match 72.24%

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Softw...

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!


Next, download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

Answer Match 72.24%

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and I did not get a log from that first scan, but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex...

A:Completed five steps...here is the log.

Bump!

Answer Match 71.4%

Log listed below. DO YOU WANT THE PANDA SCAN ALSO?

Had constant pop-ups; they have stopped. System very slow. Avast found virus in operating system - win32:agent-PSG [drp] and vtutr.dll - trojans.

I just know how to computer surf. My son goes to online school, so we really need this computer.
Log listed below.

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WI...

A:hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------


Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt

Answer Match 71.4%

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:44, on 2008-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\...

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

Answer Match 71.4%

Ok, I know I have malware on my computer. I read the 5 steps to do first....

step one -
I ran Ad-Aware (I have pro edition), no problems found,
as well as Spybot S&D and CWShredder, all fine

step two - I have Norton and AVG, no problems

step 3 - none from that list

step 4 - none from that list

step 5 - can't update from Windows, just get errors

here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:51 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JBOOGY\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\stng260[1].exe
C:\Program Files\a-squared\a2guard.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Administrator.JBOOGY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Inte... Read more

A:ok, definitely need help. i have completed the five steps

Hi,

Quote:

If you are seeking help for spyware/antivirus issues, or wish to have your Hijack This log checked, please do not post here!

Post it at the HijackThis Log Help section. I think a mod will move this post.

5 more replies
Answer Match 71.4%

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program File... Read more

A:HijackThis Log - completed 5 steps

bump

anyone?

19 more replies
Answer Match 71.4%

I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below are my Panda Scan results. I have the hijackthis results whenever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================================================... Read more

A:No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\... Read more

4 more replies
Answer Match 70.56%

I'm using Windows XP, I installed, Spybot Search and Destroy and Spyware Blaster (basically completed all 5 steps).
The problem that I'm having is that my computer takes forever to turn on. Then there are a lot of error messages (windows has encountered a problem in " " program and has to close), there are about 20 of these messages, all referring to windows/system32/XXXX.exe where xxxx are all different program files. Most of this started when my kids were playing an online game called Maple story (from Nexon) and a game called Banned story. I've also deleted a program called Absolute start up (that still seems to be lingering), as well as AOL instant messaging (aol always gives me problems). Also hard to get rid of is Spyware bot (as opposed to Spybot search and destroy). Previous to this mess that you see in my log, I ran my Mcafee virus scan and detected (& removed) several viruses (trojans, worms). I hope you can help me clean my mess! Please let me know if you need more info! I've attached the extra.txt. thank you!!!


Deckard's System Scanner v20070905.67
Run by Sandra on 2007-09-13 15:20:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-09-13 19:20:39 UTC - RP44 - Deckard's System Scann... Read more

A:Computer bogged down, I've completed the 5 steps

Hi.
Quite a bit to tidy up....



Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop g6euuloz4omli7
sc delete g6euuloz4omli7


Type Exit to close.


=================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:

File::

C:\WINDOWS\system32\bi.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\zpoaktwskm.exe
C:\WINDOWS\system32\hklsyrutqdfb.exe
C:\WINDOWS\system32\zkxl.exe
C:\WINDOWS\system32\bxhrwlxbmfmk.exe
C:\WINDOWS\system32\snu.exe
C:\WINDOWS\system32\mzzen.exe
C:\WINDOWS\system32\uxlahgmomyk.exe
O C:\WINDOWS\system32\eni.exe
C:\WINDOWS\system32\aoebviepf.exe
C:\WINDOWS\system32\saqxdpoh.exe
C:\WINDOWS\system32\vlxriufvzco.exe
C:\WINDOWS\system32\szwdlrxb.exe
C:\WINDOWS\system32\xijw.exe
C:\WINDOWS\system32\ftmvqslxii.exe
C:\WINDOWS\system32\rlpawdwuggsf.exe
C:\WINDOWS\system32\mih.exe
C:\WINDOWS\system32\kdepcd.exe
C:\WINDOWS\system32\dqwdsti.exe
C:\WINDOWS\system32\dvbeqh.exe
C:... Read more

15 more replies
Answer Match 70.56%

And by completed the steps I mean I wasn't able to partially do any of the five steps

Step 1: I can't access the add/remove programs option on the control panel, it comes up with this message.

This file does not have a program associated with it for performing this action. Create an association in the folder options control panel.

Step 2: I can't use email on the computer, keeps saying cookies are disabled even though I put it to allow all.

Step 3: Well I never cleaned the system so why bother trying to install these programs? I probably wouldn't be able to install them anyway.

Step 4: When I go to the update site, it says it can't continue because one of the following programs isn't working
Automatic Updates
BITS
event log
I follow their directions, my computer refuses to allow me to enable automatic updates

Step 5: I'm not downloading that program because the way it looks I'm gonna have to restore my system

so is my system completely messed up or can you guys help me out?

More replies
Answer Match 70.56%

I am experiencing Browser hijacking and pop ups in new tabs.
nothing else yet, that I know of, except a ding (like the one we hear when we click on something that won't work) that just sounds for no reason.
Attached is the requested logs. Thank you so much, in advance.
**All scans were done in safe-mode**

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 13:01:21.76 on Mon 07/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.363 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www... Read more

A:First Steps completed, ready for analysis

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

12 more replies
Answer Match 70.56%

Hi

Just the other night while reading a forum I regularly visit, popups started to happen, a TAG (SearchUs) icon appeared on the desktop, Outerinfo appeared in the task bar, MS Office install window pops up, and a few others.

I have AVG, SpywareBlaster, Spybot, and a few others on my PC. After running them Spybot was able to remove a few but the Smitfraud-C.CoreService remained. All of the above symptoms are still happening about every 15 minutes or so.

I completed the first 5 basic steps from this forum you are supposed to do before posting a log. AdAware detected nothing. Panda detected 1 Virus, 37 Spyware, and 6 Hacking Tools/Rootkits. Hopefully somebody can help me. Here is the info...

PANDA:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vturppm.dll
Spyware:Spyware/Virtumonde ... Read more

A:Smitfraud-C.CoreService, completed the 5 STEPS

PS: It took me 5 hours to do the above (yes... 5 hours) and do the 5 steps.

I took the time to follow the forum rules when posting logs and asking for help.

I hope somebody takes the time to help so the hours I invested don't go to waste.

Many thanks.

8 more replies
Answer Match 70.14%

Hiya guys, been googling for solutions 5 hours / scanning / deleting / removing programs. I had an old java version sitting on the cpu, probably allowed this crap in and my sister on the cpu (who's internet-safety-intellectually-deficient) who tends to click on "yes" for stuff.

Problem: WinAntiVirusPro Popups come up in droves, but randomly. Four hours of nothing, then one after another..like a porn ad / popup, if you close it the next page comes up, turning into a loop. Just in the last little bit: Drive Cleaner popups like mad which replace whatever browser I'm currently typing (this is my second time typing this post).

Can't get rid of it. Help me out

My system / tools / what I've run:
Zonelabs freeware firewall, AVG Free, SpyBot, Panda Virus Scan, Trend Micro freeware scanner / blocker, SpyCatcher (by Tenebril). Those last three I just installed / ran today because some other forums had results with that.

I've run VundoFix.exe as such: (advice from the spybot forums I think):
>>>
http://www.atribune.org/downloads/VundoFix.exe
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please restart your computer into Safe Mode.
Click here if needed For instructions.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
A command window will open and it should look like this:

VundoFix V2.15 by Atri
By pressing enter you agree that you... Read more

A:Hijackthis: did readme steps, WinantiVirusPro popups / DriveCleaner

Hello and welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

4 more replies
Answer Match 69.72%

Hello and this is my first post.. I'm using an account a friend let me use.

Earlier this week I was viewing a page in Internet Explorer (Mind that I don't prefer IE, I mainly use Firefox) and something attacked my system and started bringing up popups about a "free spyware remover" program, telling me my computer was infected. Knowing this was a hoax, I closed them, only to find that they'd uploaded something to my system. It seemed like adware. There was an icon in the taskbar that would not go away, saying the same thing as the popups- "Your computer is infected! Click here to download spyware remover!" On top of that, the files or whatever have disabled most administrative capabilities I once had, like the Control Panel, Add/Remove programs, and even the Desktop Properties menu.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66
R... Read more

A:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies
Answer Match 69.72%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:43 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Common Files\AOL\1133363615\ee\AOLSoftware.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Prog... Read more

A:Hijack This Report-prior Steps Completed

Hello bigdaddy43 and welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Please tell me what is wrong with this computer. Thank you for your patience.

6 more replies
Answer Match 69.72%

Hi all,

this is my first post and I wish it was on better terms. I am getting pop ups telling me that I have Win32.trojan.rx. My background on my desktop turned red and I have no access to my task manager.

I have tried downloading DSS but cannot.

Things I have already tried (hope this helps in coming to a quicker resolution)

1) Run Adaware in safe mode
2) Run Spybot in safe mode
3) Run Ez Armor virus scanner in safe mode
4) Run cc Cleaner in safe mode
5) Delete temporary internet files
6) Downloaded but have not yet run AVG anti virus.
7) Looked for suspicious items in control panel (add remove programs) found slotchbar but cannot remove it.
8) Made hidden files viewable

My biggest fear is that this trojan got a hold of my banking and credit information. Is there any way to confirm?

Listed below is my Hijack this log. I know you are all very busy and appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:34:58 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDO... Read more

A:Win32.trojan.rx Need help (completed basic steps)

Update:

I also ran SmitFraudFix and had it clean files as well.

I don't know if the problem is fixed but I now have access to my background and task manager. My computer is also NOT alerting me any more telling me I have a virus.

I'm skeptical to think I am cured but I posted both the smitfraud fix log and a new Hijackthis log below. Please review and let me know. Thanks for your help.

SmitFraudFix v2.194

Scan done at 15:10:25.20, Sat 06/09/2007
Run from C:\Documents and Settings\John Pagnotta\Desktop\Antivirus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


???????????????????????? Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\susp.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpN... Read more

14 more replies
Answer Match 69.3%

Deckard's System Scanner v20071014.68
Run by David Anderson on 2008-01-27 11:16:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-01-27 18:13:39 UTC - RP1115 - Software Distribution Service 3.0
15: 2008-01-27 17:26:16 UTC - RP1114 - Software Distribution Service 3.0
14: 2008-01-26 23:57:46 UTC - RP1113 - Software Distribution Service 3.0
13: 2008-01-26 23:04:19 UTC - RP1112 - Software Distribution Service 3.0
12: 2008-01-26 22:56:02 UTC - RP1111 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-11 13:37:32 UTC - RP1100 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-27 11:39:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap... Read more

A:spyguard pro infection (steps completed and logs are included)

Bump!

2 more replies
Answer Match 69.3%

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-01-31 01:28:43 UTC - RP952 - Deckard's System Scanner Restore Point
68: 2008-01-30 17:13:30 UTC - RP951 - Software Distribution Service 3.0
67: 2008-01-29 04:16:44 UTC - RP950 - System Checkpoint
66: 2008-01-28 02:45:48 UTC - RP949 - Installed Ad-Aware 2007
65: 2008-01-27 08:45:23 UTC - RP948 - System Checkpoint


-- First Restore Point --
1: 2008-01-23 03:35:38 UTC - RP884 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 127 MiB (512 MiB recommended).
System Drive C: has 2.41 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-30 19:33:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDO... Read more

A:Spyware and viruses slowing computer (completed all five steps)

BUMP

Did I do something wrong? This is my third post and nobody has answered, I really need help.

2 more replies
Answer Match 69.3%

Hi,

I have picked up a virus that has deleted my anti-virus programs and prevents me from installing any new ones. I can install them, but the "exe" file is immediately deleted. I am also prevented from booting into safe mode-I get a message that states there have been hardware or software changes that prevent this. I am also unable to activate my firewall protection. I would certainly appreciate any assistance!!!

Deckard's System Scanner v20070809.63
Run by rickir on 2007-08-15 at 07:28:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2007-08-15 12:28:55 UTC - RP796 - Deckard's System Scanner Restore Point
96: 2007-08-14 19:18:09 UTC - RP795 - Installed AVG 7.5
95: 2007-08-14 19:05:17 UTC - RP794 - Installed AVG 7.5
94: 2007-08-14 18:48:19 UTC - RP793 - Installed AVG 7.5
93: 2007-08-14 18:43:12 UTC - RP792 - Installed AVG 7.5


-- First Restore Point --
1: 2007-05-17 22:53:35 UTC - RP700 - Installed WordPerfect Lightning.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rickir.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:39 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE:... Read more

A:Virus deletes antivirus progs-steps 1-5 completed

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I'd advise you to first back up any valued data now. If you really have a file infector, your OS may be in serious jeopardy. That said, you were able to run DSS, so it may just be that the infection is disabling the AV, not deleting it. I still see services from Avast in your logs.

---------------------------------------------------------------------------------------------

Please disable Winpatrol, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Right click the running icon of winpatrol, and choose exit.

---------------------------------------------------------------------------------------------

Open HijackThis and click o... Read more

15 more replies
Answer Match 68.46%

Please help, my laptop keeps telling me I have worm.win32.netsky. All 5 steps completed. Main.txt below and extra attached. Thanks for all the advice - newbie with no clue





Deckard's System Scanner v20071014.68
Run by Davinia on 2007-11-23 17:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2007-11-23 17:26:44 UTC - RP170 - Deckard's System Scanner Restore Point
63: 2007-11-22 21:44:56 UTC - RP169 - System Checkpoint
62: 2007-11-18 19:34:31 UTC - RP168 - Removed LiveUpdate Notice (Symantec Corporation)
61: 2007-11-15 13:27:46 UTC - RP167 - Software Distribution Service 3.0
60: 2007-11-13 16:15:21 UTC - RP166 - System Checkpoint


-- First Restore Point --
1: 2007-08-25 10:58:20 UTC - RP107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 17:29:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32... Read more

A:laptop popup says it has worm.win32.netsky all 5 steps completed.

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.


Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:
When the machine reboots, tap the F8 key before Windows starts
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix
Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Restart the computer to complete the removal process.

~~~~
Next, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post... Read more

4 more replies
Answer Match 68.46%

Hello
I have been having an issue with Winantivirus pop-ups which have led to various spyware and adware infections. I have seen many variations to the pop-up including winantivius, winantiviruspro, errorprotection, winantispyware, as well as many pop-up and new browser window ads. I have also noticed minor degradation in system performance.

I have completed the 5 steps and have all logs from scans available.
Below is the main text file and attached is the extra text file from the Deckard scan.

I am not sure what additional information would be helpful to the analyst. One concern I have is that SP2 has already been installed. If anyone could assist I would greatly appreciate it.

Thanks
Matt

Deckard's System Scanner v20070905.67
Run by Matthew on 2007-09-07 18:52:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-09-07 22:52:52 UTC - RP217 - Deckard's System Scanner Restore Point
3: 2007-09-07 22:30:56 UTC - RP216 - Software Distribution Service 3.0
2: 2007-09-07 18:22:20 UTC - RP215 - Removed Get High Speed Internet!
1: 2007-09-07 16:32:35 UTC - RP214 - Installed Windows Internet Explorer 7.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Matthew.exe) ------... Read more

A:Winantivirus and related PUP adware spyware issues. 5 steps completed

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

==============================

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

9 more replies
Answer Match 68.46%

I haven't really scanned this computer ever, but the school I went to offered free antivirus software called Counterspy which I've used to scan recently. It detected a whole lot (with updated definitions) such as various pieces of spyware, and some trojans in my Outlook email, which I just ended up deleting as a whole, but I had a feeling there is much more going on.

I followed the steps and the only thing notable to point out about step 1 is that I had the viewpoint media player, which I uninstalled. I have no clue how that even got installed.

Here are the logs:

dss main.txt:
Deckard's System Scanner v20070826.66
Run by Admin on 2007-09-05 13:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.71 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:00 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Mi... Read more

A:Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed.

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

================================

Download Superantispyware (SAS) free home version from HERE


Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others as they were.
  o Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if ... Read more

5 more replies
Answer Match 68.46%

Hi all,

Both Firefox and IE are not working for many websites. Google search is being diverted to ad sites. I have followed the 5 steps process, and the Panda results and extra.txt files are attached. The Main.txt contents are pasted below. Thanks a lot in advance for helping me.

Deckard's System Scanner v20071014.68
Run by KAravind on 2008-06-22 18:01:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-22 22:01:17 UTC - RP44 - Deckard's System Scanner Restore Point
1: 2008-06-22 07:24:21 UTC - RP43 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as KAravind.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\... Read more

A:IE popups + Google search not working in firefox - 5 steps completed

Hi, welcome to TSF!

Sorry for the delay.

If you still need assistance, please post a fresh main.txt log.

1 more replies
Answer Match 68.46%

Hello,
Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.
I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

A:Antispyware Soft Infection: Removal steps completed but still having issues....

Hello, KarenRey
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.
If you do not make a reply in 4-5 days, we will have to close your topic.
You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.
Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th... Read more

13 more replies
Answer Match 67.62%

Thanks for your help. Chrome stalls and when closed it takes 5 or 6 tries to re-open. Start-up is also VERY slow? I completed the logs you need, I don't have a Windows Install disc or a Boot CD, but I have made a backup. thanks, - Jason



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Jason at 14:00:44 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1656 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:... Read more

A:Completed initial scans/steps -- browser stalls and slow start-up

bump, please :)

3 more replies
Answer Match 62.16%

My computer began directing my searches to non-google sites and bringing up popups. I was running windows defender and AVG. I use firefox for browsing. All are up to date. Running Windows Vista Home in a newer HP desktop, wired connection. I was not able to update any programs (ad aware, spybot, AVG, windows defender, etc). Also, when I run hijack this I get an error message indicating that hijack this was "denied write access to the hosts file". Hijackthis automatic analyzers do note some problem files but when I check them and click fix, they are still there after I scan again (including after a reboot). That line is:
"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe"
I (ignorantly) ran combofix already as directed by a related forum post. It indicated that there was a trojan infection, restarted the computer and instructed me to re-run. I did and it created a log, though I understand I'm not to post that unless directed. It helped, now I can update my programs and I have not been redirected when searching, but I'm sure I have not completely addressed the problem(s) yet, thus, the request for your help (thanks in advance).
Below is the DDS log and attached is the, er, attach.txt file per these instructions:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Bedroom at 16:53:36.05 on Sat 03/21/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2192 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enable... Read more

A:Unknown malware or trojan - initial steps completed per initial posting instruction

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Answer Match 39.48%

Hi

I have recently had quite a few virus problems, most of which my virus and spyware programs have dealt with. However I have still got some problems which are reoccurring. The most obvious thing is that often when I open up firefox or explorer an extra browser opens up advertising Winantiviruspro or syand persistently asking me to do a free scan, of course I exit out of it without letting it do it. Also I keep scanning my system and frequently it finds that there are usually 2 new viruses (Sophos labels them as Troj/Counto-Gen) and I either delete or shred them when they come up. Usually these are based in the local settings/temp folder. They stay away for a little while but then usually appear within a day. I have tried to clear it with sophos antivirus, ewido, backlight, spybot s&d and adaware but to no avail. On the manual attempts side of things I have tried zipping up the whole content of the temp folder and then deleting the files in case the cause was in there. Also zonealarm keeps blocking intrusions to my computer, but believe it is normal router probes after looking at the web. I think that is all I know so here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 19:36:58, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\sv... Read more

A:Winantiviruspro

Hi again

I have been browsing a few of the threads on this forum and noticed that a lot of the time there is a need to rename hijackthis and rescan, so thought I would do this and post a fresh log just in case I needed to do this in the future and so this might save you some time and effort, sorry if I'm wrong to do it though :)

Logfile of HijackThis v1.99.1
Scan saved at 21:58:00, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SWEEPSRV.SYS
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\W... Read more

19 more replies
Answer Match 39.48%

Deckard's System Scanner v20071014.68
Run by William Stewart on 2008-07-05 07:11:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
36: 2008-07-05 11:11:13 UTC - RP390 - Deckard's System Scanner Restore Point
35: 2008-07-05 09:26:30 UTC - RP389 - Avg8 Update
34: 2008-07-05 09:24:36 UTC - RP388 - Avg8 Update
33: 2008-07-04 14:40:46 UTC - RP387 - Avg8 Update
32: 2008-07-04 14:32:39 UTC - RP386 - System Checkpoint

-- First Restore Point --
1: 2008-04-06 15:17:11 UTC - RP355 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as William Stewart.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:52 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explore... Read more

A:Winantiviruspro

Hello microcad,
Welcome to Bleeping Computer
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Thanks,
tea

2 more replies
Answer Match 39.48%

Howdy, I think my system has winantiviruspro, or from googling the anti-virus popups, this is what I think. I'm getting the fake virus warning messages and a fake virus scan as well as browser redirections.

Here's the hjt log - thanks in advance for any help in getting rid of this beastie! It's driving me nuts!

Goblingirl

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:08 PM, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svch... Read more

A:winantiviruspro?

16 more replies
Answer Match 39.48%

Hi,
I have a spyware/adware that keeps popping up pages when I surf the web with Internet Explorer or FireFox. Most of the ads are for WinAntivirusPro, but some are for other sites like www.errorsafe.com.

I saw the previous post about this, but could not apply the fix (the files listed for fixing in HijackThis were not available for me). Here is my HijackThis profile, could you help me by telling me what to do next?
Thanks so much.
Larry

-=-=-

Logfile of HijackThis v1.99.1
Scan saved at 2:30:21 AM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Larry Chu\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06... Read more

A:WinAntivirusPro

16 more replies
Answer Match 39.48%

Help, how do I get rid of this. It keeps showing up, along with another one that is similar
 

A:WinAntivirusPro

16 more replies
Answer Match 39.48%

I cannot get rid of this issue for the life of me. Have used SpyBot & Adaware:

Here is the hijack log: Thank you for your help

Logfile of HijackThis v1.99.1
Scan saved at 7:01:11 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:... Read more

A:winAntiVirusPro

16 more replies
Answer Match 39.48%

Hello
First time user and I am glad to have found you! I have the WinAntivirusPro virus and have followed the directions I found on your site. I still have the virus. Here is what I have done per your instructions:
Enabled topic reply notification
Enabled a firewall
Scanned with Kaspersky online scanner (updated Java to current version before running)
Downloaded DSS (my windows that came up looked nothing like your examples)
I never received the HijackThis message box (I do not have this)
Dss start to scan : The Notepad windows did not pop up
I have followed your instructions twice. Help please. Thank you
I have Microsoft XP
Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:Winantiviruspro-help

Welcome to BC
DSS/HijackThis logs are not permitted in this forum. The HJT Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. However, we may be able to assist you here and resolve this issue without having to post a log.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to c... Read more

9 more replies
Answer Match 39.48%

Logfile of HijackThis v1.99.1
Scan saved at 6:43:49 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy... Read more

A:WinAntivirusPro

now what??
 

2 more replies
Answer Match 39.48%

This program along with others like it keep appearing and running on startup. I also have a pic on my desktop saying that there is spyware on my PC and to install software. I have run AVG, Ad-aware, Vundo fix, Clean up, and spybot and still can't get the system clean. Also I sometimes get a "blue screen" like when the system crashes but if I hit a button it goes back to windows. There is also a process KHALMNPR.EXE that I can't get rid of and there are also 7 svchost.exe processes running, not sure how many is normal.

Here is a current Hijackthis log. Hopefully someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:46 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Home\... Read more

More replies
Answer Match 39.48%

My computer is infected with "winantiviruspro" (ver 3.8). Does anyone know how to remove this from my computer?

A:Winantiviruspro (ver 3.8)

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...
Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
Please let your firewall allow the scanning/downloading process.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator
Regards
fenzodahl512

2 more replies
Answer Match 39.48%

Somehow this annoying pop up came on my computer and I can't get it off. It isn't in my add/remove programs so can't go there with it. I don't want it on here and about every 2 minutes three things pop up regarding this program and I have to click out of it to continue what I'm doing. It is very annoying. I want it gone. Please help. Nancy
 

More replies
Answer Match 39.48%

Hello! I am getting WinAntiVirusPro 2006, Winfixer pop-ups, and pop-up ads for Adult Friend Finder, mortgage companies, and other services I don't use. What can I do?

Here is my HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:28:54 PM, on 4/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\...

A:WinAntiVirusPro

Answer Match 39.48%

Hey,

Whenever I start any browser, (be it IE, Opera, or Firefox) I get an annoying popup, and it makes my computer start up significantly slower. I had a virus that avast found, but I think that it got rid of it, oh never mind, i guess there were a few, but a recent scan didn't find any this morning, and i was infected a few days ago...and all I wanted was my Red Alert 2 Key again (i threw out the case, and it had the key lol)

Win32:Adan-062
Win32urityscan-S
Win32:Trojan-gen
Win32:Zlob-BN
Win32:Small-TF
Win32:FakeAlert

Now I am also getting a corrupt explorer.exe too. it is a .ini file (i think egddg.ini) or something, but i searched under google and couldn't find anything. Anyways, I'll post the hijack this log (that seems customary by most people here)

Logfile of HijackThis v1.99.1
Scan saved at 10:56:30 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
G:\Tools\Avast\aswUpdSv.exe
G:\Tools\Avast\ashServ.exe
G:\Tools\Ewido\guard.exe
C:\WINDOWS\system32\svchost.exe
G:\Tools\Avast\ashMaiSv.exe
G:\Tools\Avast\ashWebSv.exe
C:\Tools\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.ex...

A:WinAntiVirusPro Pop-Up

Answer Match 39.48%

I apologize. I don't know much about computers but somehow I got a program that continually makes a window pop up in the lower right hand corner that says "Windows antivirus. Windows has detected spyware infection! It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!" If I "x" the box out, it pops up again. Also, occasionally another box pops up that states "Windows Security Alert Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet file. Run full scan now to pervent and unathorised access to your files! Click here to download spyware remover ... (Yes) (No)" I think this is just to scare me into buying a product from a company because it leads to a website for WinAntiVirusPro_2007. I do not have access to Control Panels and when I try Add/Remove Programs it says "This operation has been cancelled to to restrictions in effect on this computer. Please contact your system administrator" AOL and Compaq support could not help. I searched for files created in the time frame and found a few programs named Explore.exe and Info.exe and a few .dll files. It won't allow me to delete them because they are either write protected or in use. I've tried Ctrl+Alt+Delete and ended processes trying to figure out which one it is. I don'...

A:WinAntiVirusPro

Welcome to TSG!

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Answer Match 39.48%

Hi guyz,

No matter what im doing at the moment on my pc i keep getting popups all over the place with ERROR SAFE, 888.com and WINANTIVIRUS PRO.
Doesnt matter if im using IE or firefox or anything for that matter, IE opens windows in its own as long as im connected to the internet with these popups.

On top of this today my machine suddenly kept freezing, i was only looking at a webpage on firefox but no links would work etc and the mouse was very jerky, like it would only move every second or so as opposed to instantly as usual. Also while the machine was like this i couldn't even bring up task manager to kill any processes so had to force reboot.

Sorry i also should include, ive ran Smartfraudfix, vundofix, superantispyware, fixwareout and avg antispyware with no great results

Hijack log of machine included below

Logfile of HijackThis v1.99.1
Scan saved at 16:54:43, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetoo...

Answer Match 39.48%

Somehow WinAntivirusPro got downloaded on my computer and it says that I have to go to Control Panel to get rid of it. I go there and it's not there. It is very annoying because it keeps on popping up and wants me to pay for it or I can't get rid of it. Help on removing this would be greatly appreciated.
 

A:How do I get rid of WinAntivirusPro

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Answer Match 39.48%

I am sure I have some sort of virus on my system as these pop ups emerge every five minutes or so I am desperate to sort my system out but I need a little help.

I have posted already about this problem but no one has replied.

please could you please have a look at my log and see what is up

i would be very grateful for any assistance.

cheers

Logfile of HijackThis v1.99.1
Scan saved at 11:15:38 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system3...

A:WinAntivirusPro pop ups

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Answer Match 39.48%

Hey guys, I am a computer not so great..

Anyway, I was in wireless and got hit by 2 forms of this on my laptop..

My laptop (forgive me if that term is outdated) won't boot up..It starts out normally loading windows, windows loads and then the big "winAntiVirusPro" logo comes to the middle of my screen and nothing else happens..

I tried doing the elementary things like dragging it into the recycle and going to the "Remove programs" function, but once it starts up (about a minute after the windows boots) everything else stops, so I don't know how I will download the programs discussed below to combat this..

Anyone have any feedback?

I am using a Dell Inspiron 2200 I think with Windows XP..

Love you guys (well, like you guys, love you girls!!!!)
Mark
 

A:winAntiVirusPro

Answer Match 39.48%

Hi, for a few weeks i have been having a problem with a popup for winantiviruspro, i have read other forums and followed similar instructions but still cannot get rid of this problem, can someone please help, here is a copy of my hijack this log.

http://forums.techguy.org/register.php?a=ver
Logfile of HijackThis v1.99.1
Scan saved at 10:46:27 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\...

A:winantiviruspro pop up

Answer Match 39.48%

My sister asked me for help to clean her computer. Well I got down to business and found this annoying thing. I ran Ad-Aware and then Spybot S&D. I rebooted and just for the sake of doing it, I ran HJT and to my surprise I found the entry

O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c

Am I missing something here?

Logfile of HijackThis v1.99.1
Scan saved at 2:47:50 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS...

A:Winantiviruspro HJT LOG

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon...

Answer Match 39.48%

I can't get rid of this. It keeps popping up!! Please help.
 

Answer Match 39.48%

Hi, im a complete newbie at removing any adware/spyware or viruses and i really need some help as soon as possible!

For a few days my laptop has been bombarded with annoying popups like
stop debts
download anti virus removers
win ringtones
gambling online

and a lot more, it also whenever i use Internet Explorer keeps prompting me to download "winantivirusPRO" and other similar things

someone please help me to get rid of this fast
ive already tried a few things but nothing seems to have worked!

please please please help me
 

A:winantivirusPRO and pop ups- please help

Closing duplicate thread, please continue here:
http://forums.techguy.org/security/562281-please-help-popup-problems-hjt.html
 

Answer Match 39.48%

Hello all...This is my first post and I hope I've followed protocol. Computer keeps flashing Windows Security Alert, that says, "Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan to pervent any unauthorised access to your files! click here to download spyware remover!"

I ran SmitfraudFix and it stopped the flashing X icon in the toolbar, but the Windows Security Alert keeps popping up. I also went through the list before posting HJT log, ie. clean internet files, Ad-Aware, Spybot, Housecall, McAfee Avert Stinger, firewall, security updates, etc. I could not install Zonelabs Zonealarm because it detected Computer Associates Antivirus on my computer and caused a conflict. I am a computer novice and am trying my best. When I installed the McAfee Avert Stinger, it told me to turn off my Windows Restore which I did, installed it, ran scan, then turned Restore Point back on. Was this correct? Should I create a new restore point before the whole thing crashes? Any help would be appreciated!

Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:34 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass...

A:Winantiviruspro

Hello christophergo,

First off, I have some bad news for you. Your computer has been infected with a backdoor trojan. This is a type of malware that allows a hacker to remotely access and potentially compromise all aspects of your computer. This means that the hacker has access to any files, passwords, or other sensitive data that you have stored on this computer. I would recommend that you find another clean computer and change any passwords that have ever been entered on the compromised machine. In addition, you should take any steps that you would otherwise take in the case of attempted identity theft, as the hacker can take pretty much whatever they want when they have compromised your computer to this degree. For now, though, we are going to move on with the process of cleaning up your computer.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedl...

Answer Match 39.48%

Hi - been in the computer business a long time and really have kept a clean machine (running windows 2000). A week ago, I clicked the wrong thing and now have popups coming all the time. I have run Ad-aware, Windows Defender, Microsoft Malicious Tool, SpyBot and a few others. PLEASE HELP.

Logfile of HijackThis v1.99.1
Scan saved at 8:44:24 AM, on 7/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech...

A:Pop Ups - WinAntiVirusPro and others - HELP PLEASE

Answer Match 39.48%

hey there seem to be having problems with winantivirus pro popups everytime I'm on the internet they appear over whatever website I'm on and cannot be closed or moved pretty aggravating here is my HJT log any help would be great thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:01 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Progr...

A:winantiviruspro and a HJT log

Welcome to TSG

Please rename Hijackthis.exe to hjt.exe

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 

Answer Match 39.48%

i've put my i.e on the highest level of security, accepting no cookies and when I close browser it goes back to low security accepting all cookies. I get several pop ups in winantiviruspro's favor. My mozilla even gets tabs popping up.. very little but still. I have AVAST, McAfee firewall, and use adaware and spybot daily. Today I downloaded and ran McAfee stinger before running the hijackthis log like it says to before posting on this forum. Just before i ran the log i kept getting a message from AVAST saying that some Win32 trojan was attacking and i clicked delete at least 7 times before it disappeared. After this, i'm probably going to go ahead and get linux. grrrrr, i've never had problems like this in my life until recently as i've let people watch online movies on here, grrrrrrrrrrr.

-------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:41 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Inte...

A:Winantiviruspro Must Die

Hi purecoffe3 and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Answer Match 39.48%

Hi can someone get rid of it plz . Below hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 22:08:12, on 03/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\WF2K.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program F...

A:winantiviruspro

Answer Match 39.06%

Today I received a trojan through an attempt to download something. I had other traces that appeared in Ad-Aware but I removed all but this nagging one, WinAntiVirusPro along with some tracking cookies. I ran a scan through HJT (Hijack This!) but I need an expert to read through my log and give me further instructions on what to do. Any prompt assistance or help in general would be greatly appreciated.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:51:20 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Ja...

A:WinAntiVirusPro Problem

Answer Match 39.06%

Logfile of HijackThis v1.99.1
Scan saved at 5:36:20 PM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\W...

A:WinAntivirusPro 2006 got me too

Answer Match 39.06%

Ok, so here's the deal. Just formatted my computer, and right after I installed the mobo drivers, I got a virus/spyware. Constantly rerunning AVG/Spybot/Adaware, in Safe Mode or otherwise, did not get rid of it. So I went searching online, found you guys. I figured that I could just read up on what other people did, but all your answers seem to be different. So I downloaded and ran the HiJackThis thingy, and here's the results.

I'd appreciate any help you're able to offer.

Logfile of HijackThis v1.99.1
Scan saved at 1:15:04 AM, on 01/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\wdfmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkiffd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Mess...

A:WinAntiVirusPro Adaware

Answer Match 39.06%

Hi Sir...
I am suffering serious problems with Winantiviruspro, SystemDoctor and other popups. I have tried using AVG, McAfee, SpyBot, PandaSoftware etc. to find what's going on, but in vain. Every time I try to open a page in Internet Explorer, the popup takes control and I will be redirected to the above pages. Please help me.... Following is my HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:08 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Progra...

A:Help needed on Winantiviruspro Please...

Answer Match 39.06%

Greetings to all. I need some help. As in the title of this thread its the Winantivirus pro ad that keeps popping up and now others do too. I have tried the Vundo and Virtmundobegone progs, but still no change. I have posted the HJT log below. Many thanks in advance !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:28, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WIND...

A: Solved: WinAntiVirusPro pop up ad

Answer Match 39.06%

I keep getting the pop up for WinantivirusPRO.
I ran ad-aware se and symantec and it doesn't catch anything. If I run Hijack this I get

Logfile of HijackThis v1.99.1
Scan saved at 4:37:43 PM, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Logfile of HijackThis v1.99.1
Scan saved at 4:41:21 PM, on 27/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cisco Systems\VPN Client 4.0.3\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGR...

A: Solved: Winantiviruspro

Answer Match 39.06%

Like several other posts, I am getting this virus, and my files don't quite match theirs. Here is my list from Hijack This...

Logfile of HijackThis v1.99.1
Scan saved at 15:32:46, on 25/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Expl...

A: winantiviruspro 2006

Answer Match 39.06%

Hello

I'm having problems with winantiviruspro, it keeps hijacking my browser and taking me to their site and I can't seem to get rid of it. Here is a post of my Hijackthis log .. don't know what else might be lurking in there.

Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 9:49:04 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sv...

A: How to clean WINANTIVIRUSPRO

Answer Match 39.06%

I'm having these same problems, Amaena WinAntiVirus PRo, some Regcleaner of some sort, and lots of porn pages popping up.

Here's the log from HijackTHis:

Logfile of HijackThis v1.99.1
Scan saved at 14:35:48, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\ARCHIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\sy...

A: WinAntiVirusPro Problem

Hi and welcome

Download WinPFind.exe to your desktop and double click on it to open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.
Click “Configure scan options”
Under “Run AdOns” select the following:
Policies.def
Security.def

Click “apply”
Click "Start Scan"
It will scan the entire System, so please be patient and let it complete.
When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new Hijack This log.

Answer Match 39.06%

Hi all

I know you're probably all bored with this one, but could someone please help me remove winantivirus pro 2006?

Here is my logfile from hijackThis. Thanks a million for any help.

Logfile of HijackThis v1.99.1
Scan saved at 21:32:06, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Gri...

A: Yet another Winantiviruspro victim

Answer Match 39.06%

Kaspersky just can't seem to finish these off so can someone help me out with getting rid of them for good?

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:47:23 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Firefox\firefox.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\Documents and Settings\All Users\Desktop\Hija...

A: WinAntiVirusPro and Virtumonde

If you have vundofix, remove it and get the current version.

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt – Even if it does not find anything.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click th...

Answer Match 39.06%

Hi
I have problems with winantiviruspro and I think other popups. I am attaching my Hijackthis log and I hope someone can help. Thank you

Logfile of HijackThis v1.99.1
Scan saved at 6:33:35 AM, on 8/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\oracle\ora90\BIN\TNSLSNR.exe
d:\oracle\ora90\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\wuauclt...

A: WinAntiviruspro problem

Answer Match 39.06%

Somehow I got this virus on my computer called WinAntivirusPro that has these fake pop ups that I'm infected with viruses. Please help me get rid of it. I can't uninstall it. Ran my McAfee and it didn't pick it up. pleeeease

A: Solved: Please help me. Can't get rid of WinAntivirusPro

Answer Match 39.06%

I just got a new laptop and I'm already infected with some kind of spyware. I've run adaware and spybot and zonealarm and multiple antivirus scans which show cookies which I remove but the problem keeps coming back. Multiple popups which are usually winviruspro related clog my screen every few seconds and slow the computer down. The web address in the popups have been:

http://winantivirus.com/pages/scanner/inde...1&lid=keyin
and

http://www.winantiviruspro.com/pages/newco...na_kw1&lid=

and similar addresses. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:09 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lynn\Desktop\Antivirus\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spy...

A: Winantiviruspro popups-please help!

Answer Match 39.06%

I paid for this dumb program, and now I have found out how horrible it is... I cannot uninstall it, and I guess there is a backdoor trojan. I am very sceptical of what exactly is going on with my computer, but I DO know that this program needs to get off my computer. I d/led hijackthis, and I have the notepad printout of its results; however, I don't know what you meant when telling someone else to rename it something else...

Here are my results

Logfile of HijackThis v1.99.1
Scan saved at 12:08:34 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1127628341\ee\AOLSoftware.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program...

A: Solved: WinAntiVirusPro

Answer Match 39.06%

Hi,

That thing is plaguing my computer (along with other things, I guess). This is my HJT log. Can anyone help? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:42 PM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0...

A: WinAntiVirusPro 2006

Answer Match 39.06%

Hi I currently have an advertisement telling me I needed to DL security for MyTob virus.
I was suspicious so googled the WinAntiVirusPro and got through to your site, specifically to http://forums.techguy.org/security/429241-winantiviruspro.html

I followed the first steps you suggested and have the following scan results

Logfile of HijackThis v1.99.1
Scan saved at 21:16:37, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Fil...

A: Solved: Winantiviruspro

Answer Match 39.06%

Howdy all!

I've been browsing these forums for some time now and love all the useful info you provide. With that being said I'd like to ask for a little help. I'm working on a computer right now that was infected with the WinAntiVirusPro deal last week and have been trying, for a couple days now, to get it to run right.

What I've done so far:
Installed and ran Ad-aware (nuked 52 problems)
Installed and ran Spybot (nuked 36 problems)
Uninstalled WinAntiVirusPro 2007
Ran the rougescanfix deal in safe mode
Installed Sophos Antivirus (the company I work for gets this free)
-on that note, it won't let me actually scan the computer saying that I don't have administrator rights. This just isn't true since there is only one account and it's set to admin.
Installed and ran HJT (log file below)
Installed and ran WinPFind3u (log file below as well)
Installed and ran VundoFix (found nothing)

So I'll post the logs below. Thanks ahead of time you guys!

Logfile of HijackThis v1.99.1
Scan saved at 8:46:06 AM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.e...

A: Yet another WinAntiVirusPro problem

Answer Match 39.06%

Hi, I have the winantiviruspro2006 problem, and can't seem to get rid of it with conventional means (Spybot S&D, Adaware, Windows Defender, none worked). I ran Vundo and it removed a few things, and no longer is finding anything, also removed all installed Java apps, have not reinstalled yet. Here is my most recent Hijackthis log: Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:59 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Logon Loader\LogonLoader.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system...

A: WinAntivirusPro 2006, asking for help.

Answer Match 39.06%

I have a win xp home sp2 - all windows updated ok.
But I continually have the WinAntiVirusPro keep popping up.
Below is a hjt log and the last avg scan completed.
The machine did also have norton internet security on it - but this I have fully removed using the symantec removal tool.

TIA
Logfile of HijackThis v1.99.1
Scan saved at 13:18:25, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.e...

A: Solved: WinAntiVirusPro - pls help

Is Norton's Internet Security Suite still installed or active?

Download WinPFind.exe to your desktop and double click on it to open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.
Click “Configure scan options”
Under “Run AdOns” select the following:
Policies.def
Security.def

Click “apply”
Click "Start Scan"
It will scan the entire System, so please be patient and let it complete.
When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new Hijack This log.

Answer Match 39.06%

I've gotten rid of some of the components but can't completely eliminate. Pop up for WinAntiVirusPro surfaces when computer is rebooted each time. Any advice is appreciated. Where should I start?

A: WinAntiVirusPro? Trojan?

Answer Match 39.06%

Well I thought I had this computer cleaned up but as I try to get online I start getting popups trying to install WinAntivirusPro2007. I did not let it install but this keeps happening ..... Here's the HJT log ... Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 6:28:20 PM, on 2/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Anthony Boynton\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Sta...

A: Solved: Need help with WinAntivirusPro PLEASE

Answer Match 39.06%

Novice here, but what a great site! I've read a good deal on what's already been posted here and elsewhere. Long story made short. Roommate clicked on pop ups and downloaded nasty stuff. Norton doesn't seem to detect. I've never had virus problems so need some help to remove the Winantivirus. I think I've taken care of the spywarequake...Any help is appreciated. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29:33 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\alg...

A: WinAntiVirusPro..06 & Spywarequake - Help!

Answer Match 39.06%

Alright, I thought I could fix this myself but I probably just screwed things up even more and now I am at a total loss. The main issues that I want to get rid of are that when I am browsing the internet, occasionally popups for spydoctor & winantiviruspro and the like will appear, and also on almost every click of a webpage a new Internet Explorer window opens up to http://85.12.25.95/trafc-2/rfe.php?cmp=dun_rot&nid=mc&lid=http&guid={3cadd0b5-1a61-443c-ae42-e7f616a88aa0} or something similar (it always begins with that IP address), though no webpage is displayed in this new window.

I've tried running ewido in safe mode (I am running Windows 2000 SP 4) but nothing happens, the program doesn't load properly, and after about 10 minutes a message comes up saying "something bad happened to ewido.exe" or something like that.

I tried running hijackthis and it crashes when it tries to save the log, but this is what is stored in the log file anyways:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:52 PM, on 19/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MTS\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINN...

A: winantiviruspro & 85.12.25.95 hijackings

Answer Match 39.06%

I have tried everything - SPYBOT, AVG 7.1, AD- ADWARE, Antinyxem, VUNDOFIX, and others all in safe mode, removed programs, deleted cookies. Please help. These pop-ups for sysprptect still come up and the computer is running slower. Here is my HIJACKTHIS LOG, TY in advance

Logfile of HijackThis v1.99.1
Scan saved at 4:52:47 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSS... Read more

A:I have the WINANTIVIRUSPRO VIRUS

14 more replies
Answer Match 39.06%

Hijack this file and VundoFix file posted here.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:34 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\PCSecurityShield\Common\FSM32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.ex... Read more

A:Getting WinAntiVirusPro popups and others.. HELP!!!

9 more replies
Answer Match 39.06%

A neighbor has asked me to "look at her computer" to fix some problems with Internet Explorer. Having looked at it, it seems that she's got it infected with whatever causes WinAntiVirusPro 2006 to keep hijacking the browser. How can I remove it?

The OS is Win XP Home (SP2).
The browser is IE7 (I installed it over IE6 - thought it might help, but didn't!)

I've loaded the free versions of PC Tools Spyware Doctor, Spybot and Norton Security Scan. I've also loaded a full copy of Norman NVC (using my licence key temporarily) and Norman's Malware Cleaner. All of these detect and remove various things but after reboot they reappear. I've removed McAfee as the free trial had run out.

Looking at other posts, it seems the logfile from hijackthis seems to help - I've run one and copied it below.

One other thing - rebooting into safe mode is weird: the desktop comes up briefly then blanks. I can only get any response from it with a Ctrl-Alt-Del into task manager.

Logfile of HijackThis v1.99.1
Scan saved at 09:42:32, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.E... Read more

A:WinAntiVirusPro 2006

15 more replies
Answer Match 39.06%

Hello. Lately, I've been having a lot of popups from a WinAntiVirusPro software and some other random products like SpywareDoctor or what not. If someone would be willing to help me, I'd really appreciate it. Thanks in advance!

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:34 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\dummyprogram.exe

R1 - HKCU\Softwar... Read more

A:WinAntiVirusPro 2007?

16 more replies
Answer Match 39.06%

Hey,

I'm normally very vigilant and have never had an infection on this system yet, however I'm pretty sure that the problems I'm having now were caused by the downloading of a keygen from a site I knew was dodgy, but the times were desperate and I was a reckless one.

As for the actual problems... a few days ago pop-ups began appearing directing me to winantiviruspro and I knew this was malware so did some research, but it didn't help me much. Adaware turned up a few things but didn't solve the problem and CWShredder finds nothing. Spybot S&D discovered and removed many threats, however there is always something that comes back every time I run it after a system restart, namely Smitfraud. Norton Anti-virus found a few things and deleted them all except for one undeletable rtx.dll in system32, which I manually deleted in safe mode.
EDIT: My internet connection has been shaped to 64kbps because I reached the download cap, so I haven't been able to run the online scanners. I am going to a friend's house soon and taking my computer so I will attempt to run one then.

The problem is now worse, there is a flashing icon in the system tray that displays a pop-up notice of "Critical System Errors". Clicking this opens a browser at winantiviruspro or virusbursters usually. My main browser is Opera, though I also use Firefox and IE occasionally. The advertisement pop-ups all occur through IE, but pop-ups for the winantivirus and virusburster sites have occurred in al... Read more

A:Winantiviruspro Infection

You have multiple infections, and this will require several tools to get rid of it all. First, I need a bit more info.

I'd like you to rename HijackThis.exe to archan.exe.
Navigate to C:\hjt\HijackThis.exe (or wherever the user has HJT located, as long as it's not in temp)
Right click on HijackThis.exe
Select 'Rename'
Type in archan.exe
Press Enter.

Post a new log with this renamed executable

3 more replies
Answer Match 39.06%

I have followed the steps to remove it that I have read in a previous post, but I still occasionally get the pop-up.

Here is my log
Logfile of HijackThis v1.99.1
Scan saved at 11:38:42 AM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\... Read more

A:winantiviruspro cleanup

If you have Vundofix already, delete it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
 

3 more replies
Answer Match 39.06%

I think I'm infected with WinAntivirus pro spyware...
I have tried several programs such as Spybot, Ad-Aware, etc.

Here is my HiJackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:11:11, on 16/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WIN... Read more

A:WinAntiVirusPro Removal!!!

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports" select "Automatically generate report after every scan"
Un-select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe M... Read more

1 more replies
Answer Match 39.06%

Hello. I am trying to clean a friend's computer. They have the evil antiviruspro stuck on their machine. I went into Task Manager and stopped processes on Winantiviruspro.exe and antivrus.exe? (I believe it was called).

I am familiar with Hijackthis and I just need some directions to getting this beast off this machine! Thanks for your help and time!
 

More replies
Answer Match 39.06%

My computer was recently attacked by Winantiviruspro 2007. The symptoms were an exclamation mark within a yellow triangle in the taskbar and popups that said my system was infected with spyware and was copying files to the internet. It then offered a "solution" - Winantiviruspro2007. I immediately logged into your forums and ran the recommended anti-virus and anti-spyware scans, i.e. Spybot Search and Destroy, Ad-aware, Housecall, Panda, Bitdefender, McAfee (Stinger) and even SUPERAntiSpyware. I installed Sygate Personal Firewall. By the time I completed this routine, the yellow triangle was gone and the popups stopped. My problem now is that when I restart my computer I cannot log into my network. The message is that either the domain controller is down or my account cannot be found. I can only log in after shutting down my computer completely and booting. The second problem is I cannot perform a system restore. The third problem is I cannot use the Windows Update site to get updates. The message is that the network policy settings do not allow me to use the site to get updates. The fourth problem is that I have lost access to my control panel, 'My Computer' properties and the system date and time. There may be more problems that I'm not yet aware of since I'm not exactly a computer expert (My Norton Antivirus came up with an error - 'some components missing'). Please help me urgently as I have to solve these problems before the system administrator finds out! I don'... Read more

A:Winantiviruspro Attack

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Post the smitfraudfix log and a new HijackThis log

3 more replies
Answer Match 39.06%

Here is my log. Please help!! I have tried vundofix, and it found nothing. I also tried vundobegone or whatever it's called, and that found nothing as well. I keep getting security alert: [email protected] in my task bar. I don't know how I got it, but I have winviruspro 2006 and it's messing everything up.
(I posted this in another thread, but then realized that he had asked to create a new one)

Logfile of HijackThis v1.99.1
Scan saved at 3:57:44 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1141136574\ee\AOLSoftware.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
... Read more

A:winantiviruspro 2006

Closing duplicate post, please continue here: http://forums.techguy.org/security/532339-vundofix-help.html#post4321145
 

1 more replies
Answer Match 39.06%

Hi, my friend's computer seems to be infected with the WinAntiVirusPro 3.8 spyware and I can't seem to get rid of it. I followed the directions about posting and my logs are listed below. I tried removing some pieces based on google searches, but it hasn't gotten rid of everything. Windows still boots up fine, but the background is pale blue instead of an image, and nothing shows up in the system tray by the clock. I'm sure there's more wrong that we just haven't noticed. Thanks in advance for the help! It's cool to have people that help others like this online with these crazy problems!

The Main.txt file:

Deckard's System Scanner v20071014.68
Run by Leah on 2008-07-22 13:36:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-22 17:37:03 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
System Drive C: has 3.86 GiB (less than 15%) free.

-- HijackThis (run as Leah.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:28 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:&#... Read more

A:Winantiviruspro 3.8 Infection

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please visit below webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512

6 more replies
Answer Match 39.06%

Logfile of HijackThis v1.99.1
Scan saved at 8:41:45 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\hevhcodi.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Southwest Airlines&... Read more

A:Winantiviruspro Popups

Hello zjjoseph303,

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

2 more replies