spyware, pop-ups and more; amaena??

Question

dhawk4936 0 Newbie Poster

16 Years Ago

I have ran various spyware to clean my PC of the unwanted spware, pop-ups and more. Nothing has worked. I ran accross your forum and decided to try one more time before - formatting the hard drive. Anyway, below is my log after running SDFix: Help. Tired of the pop-ups.:scared:

SDFix: Version 1.79
Run by Deirdre Hawkins - Wed 04/18/2007 - 23:07:28.68
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\DEIRDR~1\Desktop\sdfix\SDFix
Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\windows\regedit.com - Deleted


Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\windows\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\windows\system32\svchost.exe
No streams found.


Final Check:
Remaining Services:
------------------


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\windows\\System32\\ftp.exe"="C:\\windows\\System32\\ftp.exe:*:Disabled:File Transfer Program"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\DEIRDR~1\Desktop\sdfix\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Documents and Settings\Deirdre Hawkins\Favorites\Channels\Business\The Quicken.com Channel\desktop.ini
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\System Volume Information\_restore{991A4AEA-EBA0-42CE-A211-3864329DB99E}\RP420\A0791213.dll
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0838e3ca46c974d22be0ec664b800381\BIT2.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTR6.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FOR7.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTR7.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FOR8.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTR8.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FOR9.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTR9.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORA.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRA.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORB.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRB.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORC.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRC.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORD.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRD.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORE.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRE.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FORF.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTRF.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FOR10.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\ZTR10.tmp
C:\Documents and Settings\the graduate\Local Settings\Temp\FOR11.tmp
Finished

windows-virus

Edited 11 Years Ago by happygeek because: fixed formatting

4 Contributors
11 Replies
215 Views
3 Weeks Discussion Span
Latest Post 16 Years Ago Latest Post by danmac8

All 11 Replies

joshSCH 1,062 Industrious Poster

16 Years Ago

Try a system restore.

If that doesn't work then try: Avast Virus protection http://www.avast.com/eng/download-avast-home.html

Ad-aware se personal
spybot- search and destroy

Those programs are the best, and should definitely fix your problem.

crunchie 990 Most Valuable Poster

16 Years Ago

Please download VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

=====

Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into it's own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

crunchie 990 Most Valuable Poster

16 Years Ago

Please do as I requested and download hijackthis from the link I provided. The one you are using is a Beta version.

==

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.

cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit

Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

dhawk4936 0 Newbie Poster · Answer 1 · 2007-04-28T10:47:49+00:00

Please download VundoFix.exe
to your desktop.
Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
=====
Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into it's own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

*********************************************************
Thanks for your reply. My concern is that this spyware,malware is deep inside the registry. I have ran the VUNDO but nothing was removed. I have ran several spyware apps and still the pop-ups. Please help me. I don't want to have to re-format this computer. I truly need help. Below is my hijackthis log.

Thanks,
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:20:49 AM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\NCOVPN462\cvpnd.exe
C:\windows\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Documents and Settings\Deirdre Hawkins\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.metacrawler.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.metacrawler.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar9.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar9.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: NCO Group, Inc. NCO VPN Client.lnk = C:\Program Files\NCOVPN462\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120703513254
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135820050079
O16 - DPF: {9D887407-4690-45C0-9451-15CD63E615CA} (Track-It! Memo Control) - http://corsql02/tiweb65/downloads/BOSIActiveXMemoControl.cab
O16 - DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} (BOSIActiveFormX Control) - http://corsql02/tiweb65/downloads/BOSIActiveXGrid.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NCOVPN462\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7875 bytes
:(

dhawk4936 0 Newbie Poster · Answer 2 · 2007-05-02T00:20:26+00:00

Please do as I requested and download hijackthis from the link I provided. The one you are using is a Beta version.
==
Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.
Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.
===========
Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.

cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit

Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.
***********************************************************
Malware Removal - Downloads Page
Anti-malware programs will be added here as the authors give agreement to my hosting a download page for their tools.
Until such authority is given, my friend Subratam (www.subratam.org) has allowed me to link to his download server for the more common tools.
PLEASE USE THESE TOOLS IF AND WHEN REQUIRED AND ADVISED BY AN EXPERT
This is the place where you can find special security tools made for particular malwares.
1. HijackThis - Please Do NOT use this software on your own. Get advice from an expert. Powerful Removal Tool by Merijn.Help page (now at version v1.99.1)
2. Also available as a exe download from HijackThis, Also a self-extracting zip from here
Also as a self-installing verson from here With detailed instructions available here
3. PV.ZIP - A tool made by Shadowwar which helps to recognize the new strain of CWS with the hidden dll.
4. Start.Chm fix - Another tool by Shadowwar mainly to counter the latest start.chm variation of CWS
5. Start Up List vb2.0 - The list contains information about start up entries that can be helpful for analysing.
6. CWS Domain List - The updated CWS domain lists that can be used for further needs.
7. Toolbar List - The list contains information about toolbars that can be helpful for analysing.
8. BHO List - The list contains information about Browser Helper Objects that can be helpful for analysing.
9. (i) VX2.BetterInternet Finder XP/2k - The latest Look2Me Fix brought out by Option Explicit. This one is effective but O^E will be continously updating it here if new versions out.
(ii) Version Msg126 - New Version for L2M is out and it is autoupdating to Msg126. If the user has "old L2M" VX2Finder will do the job, but it is better we run this tool first now, as because we know L2M autoupdates.
10. (i) VX2.BetterInternet Finder 9x - The latest Look2Me Fix brought for Windows 9x
(ii) Version Msg126 for 9x - The VX2Finder version for windows 9x to negate the latest L2M Version Msg126
11. Peper Fix - The tool for fixing Peper trojan, made by O^E.
12. LSP Fix - This program attempts to correct Internet connection problems resulting from buggy or improperly-removed Layered Service Provider (LSP) software. When you start LSP-Fix, it will read the list of LSP modules from the Windows registry and verify that each module is present. If a module is missing, the LSP data will be placed on the "Remove" list for removal.
13. About Buster - Use this tool to negate the latest CWS variant "res://". Complete details of how to use and updates maintained -> Click Me
14. Bug Off - If you have not installed Service Pack 2 for Windows , you can use BugOff to disable the vulnerable objects until it is.
15. KillBox -KillBox is updated and is now Pocket KillBox. New features and easier to use. Powerful tool, so use only when being told and required.
16. WinSockFix A tool to fix Winsock problems, internet connection problems which can at times caused by spywares

Each of these tools is frequently updated and we will make sure that the versions here are up to date as we are in contact with the authors. If you find any problems or broken links, please contact a member of the administration team.
********************************************************
Above is the site that your here took me to. You are asking me to run #1. Are the other selections beta or did I select the wrong one?
thanks,

dhawk4936 0 Newbie Poster · Answer 3 · 2007-05-02T00:22:01+00:00

I re-read the instructions. I will re-run the self-extracting Hijackthis when I go home.

thanks,

dhawk4936 0 Newbie Poster · Answer 4 · 2007-05-02T09:11:30+00:00

Thanks for your help. I have completed all of the steps per instruction.
I am reay to fix this problem.

**************************************
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
AVG Anti-Spyware 7.5
AVG Free Edition
Belarc Advisor 7.2
Brother MFL-Pro Suite
ClamWin Free Antivirus 0.90.1.1
DellConnect
DriverMagic
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Internet Explorer Q903235
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft NBA Inside Drive 2000
OpenOffice.org 2.0
PaperPort
Quick Zip 4.60.007
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SiS 300/305
SiS305_305 V1.15
Spybot - Search & Destroy 1.4
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
V - The File Viewer
Verizon Online
Verizon Online Support Center
VNC Free Edition 4.1.1
VPN Client
Weather Services
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinImage
XoftSpySE
Logfile of HijackThis v1.99.1
Scan saved at 10:26:02 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\NCOVPN462\cvpnd.exe
C:\windows\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\windows\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\windows\system32\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.metacrawler.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.metacrawler.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.metacrawler.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar9.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar9.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: NCO Group, Inc. NCO VPN Client.lnk = C:\Program Files\NCOVPN462\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120703513254
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135820050079
O16 - DPF: {9D887407-4690-45C0-9451-15CD63E615CA} (Track-It! Memo Control) - http://corsql02/tiweb65/downloads/BOSIActiveXMemoControl.cab
O16 - DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} (BOSIActiveFormX Control) - http://corsql02/tiweb65/downloads/BOSIActiveXGrid.cab
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NCOVPN462\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Common Files
CHAT
PLUS!
NetMeeting
Accessories
Internet Explorer
FrontPage Express
Outlook Express
Online Services
Uninstall Information
Windows NT
MSN
MSN Gaming Zone
Messenger
Windows Media Player
WindowsUpdate
ComPlus Applications
Movie Maker
microsoft frontpage
xerox
Adobe
McAfee
InstallShield Installation Information
Motive
Verizon Online
NCO Group, Inc
Cas
V
QuickZip4
BFG
SpongeBob SquarePants Movie 3D Game
Jasc Software Inc
Java
OpenOffice.org1.1.4
TTERMPRO
SymplisIT
SiS305_V1.15
ScanSoft
Brother
RealVNC
Google
QuickTime
ArcadeRockstar
Infogrames Interactive
GameSpy Arcade
Screensavers.com
OpenOffice.org 2.0
NCOVPN462
Grisoft
Enlight
Yahoo!
Free Offers from Freeze.com
Freeze.com
The Weather Channel FW
SpywareRemover
Spybot - Search & Destroy
RegCleaner
Belarc
Microsoft Games
XoftSpySE
ClamWin
NTE
Lavasoft
Hijackthis

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2007-05-04T03:09:49+00:00

crunchie 990 Most Valuable Poster

16 Years Ago

What problem(s) are you still having?

dhawk4936 0 Newbie Poster · Answer 6 · 2007-05-05T00:59:54+00:00

What problem(s) are you still having?
I am still having the pop-ups and the re-directions. My computer is still sluggish. Can it be fixed or is the problem to far gone?
One of the threads actually had the same problem or similar and theirs was able to be fixed with using different spyware. I also saw that one person had to rename hijackthis because the spyware was able to id it and "hide" from it. Either way, I just want to be able to put my PC back into working condition.
thanks,

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 7 · 2007-05-06T06:22:28+00:00

Please download VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

danmac8 0 Newbie Poster · Answer 8 · 2007-05-11T12:45:12+00:00

I ran started at the top of the list at virus-help.org and scanned all night to get rid of my spyware. Use multiple scans to check and balance...

spyware, pop-ups and more; amaena??

Recommended Answers Collapse Answers

All 11 Replies

Recommended Answers