Member Avatar for zabooza

I'm a newbie so bare with me. I have been getting crazy amounts of popups. I've done all kinds of spyware and virus scans, even removing a lot that were found, but still the popups won't go away. Most of the popups are antivirus/spyware related. The most frequent ones are for WinAntiVirusPro2007. Some of these popups even attempt to install these things.
Even when i'm not using IE I can sometimes hear clicks like a link has been clicked. From reading other threads, I downloaded Hijackthis and here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:22:50 PM, on 7/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wwSecure.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINNT\system32\cacqyeto.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://c.imputati.com/l/47d3ed3d10581257e4a030898946d613_35.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182615199734
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://cab.contraviruspro.com/install209.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D94E9ACE-914F-4C44-B053-62B682028640}: NameServer = 192.168.15.1,192.168.15.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\system32\wwSecure.exe

Any help is greatly appreciated!

Edit: I posted in the wrong section, feel free to move.

  • 3 Contributors
  • 7 Replies
  • 98 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by caperjack

Recommended Answers

All 7 Replies

Member Avatar for zandiago

Good day.....a couple things.....You can definately install a pop-up blocker to see if that works...in additional to virus removal, i recommend the following...a thorough scan for trojans, worms, malwares, adwares, spywares. After removing viruses ect...i would recommend reparing/cleaning your registry (with REGCURE software). My reccomendations for all your other malwares ect...Adware, spyware begone, Avast cleaner, Ace cleanup, ParetoLogic XoftSpySE, PREVX are just of the few you can try.
2nd. Also, there are some non-legitimate anti-virus programs that will try to install themselves onto your PC...do not install them...if you run then on your computer and you do a scan...it will detect itself as being a virus.
3rd. I need to know if your internet firewall has been disabled and is your computer slowing down?

Member Avatar for zabooza

I'm not currently running a firewall. Well no software one. The only thing is the one that my vonage router uses. And yes, the computer seems a bit "laggy".

Also, is it normal to have more than one svchost process to be running? Seems that 3 are running on mine.

I downloaded and ran Spybot last night, and it found 40 spies. After removing them all, the same stuff is happening.

Member Avatar for zandiago

Try using the sotwares that i indicated in my first response. i do strongly recommend enabling your windows firewall. Svchost may often show up in errors caused by viruses. What % does it use on ur PC? I also reccm that you keep ur computer update. i.e. if you have windows...keep it update by microsoft by enabling 'auto-update'. There are still definately traces of virus on your computer.

Member Avatar for zabooza

Thanks Zand, I'll keep you updated.

Member Avatar for zabooza

Well the adaware I was using was regular 6.0. I downloaded SE and it found a lot more stuff, including a couple trojans. Didn't have much time to check out how it was working this morning before work, but from the 5 minutes I was browsing I didn't get a popup. Maybe I'm good.

Member Avatar for zandiago

Glad that I could could help...but as a precaution i'd recommend enabling your firewall and diagnosing your pc with the softwares that i mentioned in my first post....no one software is the ultimate...some will pick-up thing others won't and vice versa...so after completing such diagnostics, lemme know the results.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.