Windows Support Forum

Winfixer Popup & Sexbuddies Popup/infected W/trojan.vundo Per Norton

Q: Winfixer Popup & Sexbuddies Popup/infected W/trojan.vundo Per Norton

I have scanned with Ad-Aware, Norton AntiVirus (which says it is unable to fix virus), Spybot Search & Destroy, as well as MSN Anti-Spyware beta. I continue to get a virus notification from Norton when I turn on my computer. I have had this problem about - days. The first time I got one of the Winfixer pop-ups I had just opened an email from someone I have had emails from before. Thank you for your assistance.


A: Winfixer Popup & Sexbuddies Popup/infected W/trojan.vundo Per Norton

I forgot to add this above in my first post - Norton says that the virus is in c:\windows\system32\ddaya.dll.

http://www.bleepingcomputer.com/forums/t/35506/winfixer-popup-sexbuddies-popupinfected-wtrojanvundo-per-norton/

I have had these infections for some time and have tried everything I can think of to remove them with no success. The best I can tell, the pesky file that is causing all the trouble and that I cannot delete is ddaww.dll and is in the Windows System folder. If I try to delete the file I get a message that the file is in use. This file triggers my Norton File System Realtime Protection constantly and keeps my computer continually locked up. The only way to get any relief is to disable the Realtime Protection, which only stays off for minute intervals before it automatically turns itself back on. I have located this ddaww.dll in RegEdit but cannot delete it out of there either. I have tried every adware and spyware and virus software I can find, including purchasing a couple, and nothing worked. Even the small removal tool offered by Norton does not work. The virus kicks in as soon as the system starts up and even before I get to the logon screen. When the logon screen finally comes up the realtime virus alert is already displaying, showing the following:

Scan type: Realtime Protection Scan
Event: Virus Found
Virus name: Trojan.Vundo.B
File: C WINDOWS system ddaww.dll
Location: C WINDOWS system
Computer: ARK LT
User: SYSTEM
Action taken: Clean failed Quarantine failed Access denied
Date found: Sun Nov

Following is the log from HijackThis. Thanks for the help.

A: Winfixer Ad Popup And Trojan.vundo.b Infection

Hi, my name is David. You haven't posted a HijackThis log, unfortunately. Please:

- Launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Click Save to save the log file and then the log will open in Notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

David

http://www.bleepingcomputer.com/forums/t/36095/winfixer-ad-popup-and-trojanvundob-infection/

Hello! I am new and need some help. Apparently I have a trojan.vundo virus on my computer. I have Windows 2000 Pro. I have Norton AntiVirus and have run multiple scans which all come up with no virus or infected files. Yet I keep getting this annoying virus alert red box that says Norton AntiVirus has detected a virus. It says "object name: C:\WINDOWS\system32\pmnli.dll". Then under that it says "virus name: trojan.vundo. Action taken: access to the file was denied. unable to repair this file."

So I downloaded and ran the fix vundo program from the website and it says no virus was found, yet it keeps giving me this virus alert pop up window.

What do I need to do to get rid of this? Thank you!

A: Norton Popup Trojan.vundo Can't Remove

Hello and welcome to Bleeping Computer

NOTE: all blue wording are links to instructions

First you will need to follow the instructions in our Tutorial: How To Remove Vundo/Winfixer Infection

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.

- Open SUPER from icon and install and update it.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press Enter on your keyboard to boot into Safe Mode.

- Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
- If you use Firefox or Opera browser click that browser at the top and choose: Select All
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.

NOW Scan with SUPER

- Open from the desktop icon or the program Files list.
- On the left, make sure you check C:\Fixed Drive.
- Perform a Complete scan.
- After scan, verify they are all checked.
- Click OK on the summary screen to quarantine all found items.
- If asked if you want to reboot, click "Yes" and reboot normally.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.

Please ask any needed questions, post log and let us know how the PC is running now.

http://www.bleepingcomputer.com/forums/t/131414/norton-popup-trojanvundo-cant-remove/

It seems that while downloading some files off of Limewire I downloaded a harmful program which since has caused Popups and Popunder Ad Internet Explorer windows to frequently appear, whether or not I am on Internet Explorer. I have followed the required steps and it seems that some of the issues have been resolved, but I do know that the trojan vundo could not be deleted by Bitdefender. I am concerned that my computer security may be compromised and that I may have to reinstall Windows, which would be a massive headache. Please help. I am using Windows XP Professional and my HijackThis log is as follows:

A: Infected with Trojan Vundo, Virtuamonde, Popup and Popunders

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player

Also, please uninstall Ewido, because this one is way outdated and is now a part of AVG.

Then, please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/177444/infected-with-trojan-vundo-virtuamonde-popup-and-popunders/

Popups started appearing after my son had played web games on my computer. After googling I read some tech advice to download and run HijackThis, which I did. I then ran the program 'FixVundo' and deleted the infections, which took hours to scan. But now I still get popups appearing plus some warnings that my system is unstable, certain files not found in C WINDOWS system. I have tried following your online documented procedure - I have run AdAware and deleted infected files until there were no more found - then I tried running Spybot but got a message 'cannot find a file' (can't remember what it was now) so I aborted setup. Now I have just run HijackThis; here is the log file. I really hope you can help.

A: Winfixer Ad Popup/vundo Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

http://www.bleepingcomputer.com/forums/t/125742/winfixer-ad-popupvundo-infection/

Hi, I'm having problems with new browser windows opening, normally to the Winfixer website but also to poker sites and others. Also, every time I reboot my PC my cookie setting drops to allow all cookies. I have scanned with McAfee virus scan plus and Adaware. Adaware removes some things but they reappear on reboot. McAfee recently detected Vundo but I think I got rid of this. If I disable the hggde.dll addon in IE this seems to stop the popups, but again it starts again on reboot. Here's my startup list and HijackThis log.

A:Hgge.dll Winfixer Popup And Vundo

Hello stewbert
My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

Please follow the steps below exactly in the order they are written:

Step #1
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Step #2
Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #3
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post please include the following reports:
SDFix report
VundoFix report
dss scan reports main.txt and extra.txt

Let me know how the things went.
Regards,

http://www.bleepingcomputer.com/forums/t/100630/hggedll-winfixer-popup-and-vundo/
Relevancy 101.91%

Below is listed my Hijack This log. I've run the Microsoft Antispyware Beta Version, Ad-Aware, Spybot and McAfee Stinger and can't seem to remove this stuff from my system. Any help would be appreciated. Thanks, Sean Strong

A:Infected With Winfixer Ad Popup, & Others

Hi Seanstrong,

If you still need help,please post a fresh HijackThis log.

http://www.bleepingcomputer.com/forums/t/40422/infected-with-winfixer-ad-popup-others/
Relevancy 101.48%

I keep on getting the winfixer pop up and also McAfee keeps saying I have a trojan.

A:Winfixer Ad Popup/ Trojan

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:
Start > Control Panel > Add or Remove Programs and remove the following:
New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

David

http://www.bleepingcomputer.com/forums/t/36054/winfixer-ad-popup-trojan/
Relevancy 97.18%

I am getting errors similar to ones described in title and http forums techguy org security -solved-hjt-log-vundo-please html post. I thought maybe someone can help me after looking at my hjt log.

A:Sysprotect popup Vundo other installer porn popup

Hi and welcome to TSG,

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

 

https://forums.techguy.org/threads/sysprotect-popup-vundo-other-installer-porn-popup.463643/
Relevancy 92.88%

The "Driver Cure" popup comes up every time I turn on or restart my computer. Also I constantly have advertisement popups. Recently there has been one that says I have won a Walmart giftcard. Also sometimes when I click on something in a website I am redirected to another unwanted website. Please help - Unislynntastic

A:Infected with "DriverCure" popup, "quick scan" popup, and advertisements

Hello Unislynntastic , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

2. Install Recovery Console and Run ComboFix
This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It i...

http://www.bleepingcomputer.com/forums/t/443866/infected-with-drivercure-popup-quick-scan-popup-and-advertisements/
Relevancy 92.45%

Hello I get three popups without fail every time windows starts.
Please see screenshot - http://g.imagehost.org/0164/MyDesktop.gif
1. AVG popup - This shows up whenever the PC starts and periodically after 10-15 minutes of using the PC (no specific trigger noticed). However a full scan shows no infections or warnings.
2. Cannot find script file... popup. This popup started showing after AVG detected VirusCleaner.vbe as a threat and moved it to the vault after I gave the go-ahead.
3. Project1 Run time error x. You see 5 in the screenshot, the error number varies randomly.
All these started when I put my pendrive in a virus infested PC and then put it in my PC. I was careful to scan and clean it up, but it appears the virus still managed to leak in.

A:Heur trojan does not get cleared + Project1 popup & Cannot find VirusCleaner.vbe popup on after Windows boots

Hi cheenu,
Try the following if you haven't already, as it may show if there's any malware AVG isn't picking up. Have you run any other scans?

Step 1: ATF Cleaner
If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, please skip this step and continue with step 2.
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Step 2: MalwareBytes
Please download Malwarebytes Anti-Malware and save it to your desktop.
MalwareBytes
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable security programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3: Next I would like for you to run an online scan called BitDefender
Note: You can only run this scan with Internet Explorer with Active X enabled.
Please run a BitDefender Online Scan
Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan...

http://www.bleepingcomputer.com/forums/t/235313/heur-trojan-does-not-get-cleared-project1-popup-cannot-find-viruscleanervbe-popup-on-after-windows-boots/
Relevancy 91.59%

Hello,
I opened up a file attached to an email and I managed to download the Vundo Trojan. I tried cleaning it with my antivirus software but it keeps popping up on my CA anti-spyware scan. I keep getting the antivirus 360 ad popup when I use Internet Explorer. I have Vista as my operating system. I tried running the DDS tool but have been unable to get any further than the black screen with the following message at the bottom:

EDS.EXE: couldn't write 1 item to stdout: Bad file descriptor
FINDSTR: No search strings

I tried downloading the tool in both IE and Firefox and received the same message for both. I am not sure what else I can do in order to provide more information. Any assistance would be appreciated. Thank you!

A:Antivirus 360 ad popup/ Vundo Trojan infection

Welcome to BC
We will deal with DDS a little later on. First run Mbam:
----------------------------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: -- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Note 2: -- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/t/208111/antivirus-360-ad-popup-vundo-trojan-infection/

Hello
I have constant popup ads on my computer. I have the Google toolbar installed but it doesn't stop them. I have Norton installed and for some reason it doesn't seem to detect this. I have tried SmitfraudFix and it hasn't changed anything; the popups keep coming up. It has also made Microsoft Office applications really slow. I have followed the advice on one of the threads and done a HijackThis scan after going in safe mode as well as with all files and folders visible and System Restore off. Here is the log:

A:[SOLVED] constant popup ads Trojan.Vundo

Quote:

Originally Posted by classyleo

Hello
I have constant popup ads on my computer. I have the Google toolbar installed but it doesn't stop them. I have Norton installed and for some reason it doesn't seem to detect this. I have tried SmitfraudFix and it hasn't changed anything; the popups keep coming up. It has also made Microsoft Office applications really slow. I have followed the advice on one of the threads and done a HijackThis scan after going in safe mode as well as with all files and folders visible and System Restore off. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:58 a.m., on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\KeZiAh\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [3099a31c] rundll32.exe "C:\WINDOWS\system32\lujelfjv.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitTorrent] "...

http://www.techsupportforum.com/forums/f100/solved-constant-popup-ads-trojan-vundo-198821.html

Referred here from http://www.bleepingcomputer.com/forums/t/208111/antivirus-360-ad-popup-vundo-trojan-infection/ ~ OB

Hello,
I was told to post this log by garmanma here. I tried to follow the Prep Guide but was unable to get DDS to run, so was told to run RSIT. I have run Mbam, ATF-Cleaner and SAS per garmanma's instructions. I believe I am infected with the Vundo trojan since that is what my CA anti-spyware keeps picking up. Any help with this would be greatly appreciated.

A:Antivirus 360 ad popup/ Vundo Trojan infection

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Since you cannot run DDS please do another RSIT scan
R,K

http://www.bleepingcomputer.com/forums/t/209091/antivirus-360-ad-popup-vundo-trojan-infection/

PC: Dell Inspiron
OS: Windows Home Premium - Service Pack
Browser: Windows Explorer

On Saturday June my computer suddenly and inexplicably rebooted itself. I'm not exactly sure of the sequence of events, but my best guess is that I powered up my machine, a dialog popped up:

Do you want to allow the following program to make changes to this computer?
Program name: A tool to aid in developing services for Windows NT
Verified publisher: Microsoft Windows
Program Location: C:\Windows\System32\sc.exe start Garmin Core Update Service

I clicked OK and then connected my machine to the internet. I'm not sure if I started to play some internet games while the Garmin software updated or after. But while playing the games, my system rebooted.

After the PC rebooted and I reconnected to the internet, I started to receive popup messages from Norton that it had blocked access to my system. The exact text is as follows:

Norton blocked an attack by: System Infected: Trojan.Viknok Activity 3

In the popup there was a link to View Details. The attacking sites were listed when I clicked View Details. There were several: delphoner me jubmoz me strong-sellos org trottilez-x biz grom-biz biz postfort-main com fourteen-meters me

Here are the actions that I've taken:

Researched Trojan.Viknok Activity 3. There wasn't much information. The Symantec site didn't seem to have much on the Trojan; the security response is as follows:

BEGINNING OF NORTON SECURITY RESPONSE FOR Trojan.Viknok Activity 3
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
Trojan.Viknok is a Trojan horse that steals information from the compromised computer.
Additional Information
When the Trojan is executed, it may connect to the following command-and-control server: http dgfvv mydad info bod REMOVED
The Trojan then infects the following file so that it executes whenever Windows starts: %System%\rpcss.dll
Affected: Windows Windows Me Windows NT Windows Server Windows Server Windows Vista Windows XP
END OF NORTON SECURITY RESPONSE FOR Trojan.Viknok Activity 3

As you can read above, the recommended advice is to take immediate action, but which specific actions should be taken are left unsaid. And I just noticed Windows is not listed.

This being the case, I decided I needed to get back to a clean system. I have a Dell computer and had created a repair disk flash drive sometime last year. I booted the flash drive, selected the option to backup my disk image and selected files, which I did to an external GB drive. The Dell DataSafe Local Backup software said that it would restore my system and then copy my selected files back to my system. The interface was a bit confusing and I ended up restoring back to the factory image; none of my files were copied back to the system.

After much angst and more research, I managed to retrieve the files, or so I thought. The Dell DataSafe Local Backup listed all my files but did not have those files. The one file I was most interested in did not get restored--I tried restoring it and it alone to an empty folder and the backup restore software restored a different file. I tried restoring three files from my backup to an empty folder and again got different files.

The only thing that I could do was move on, so I started loading software back onto my system. First, the Norton software. Next, I started updating Windows. This was a long process and gave me time to think. It occurred to me that I had backed up an image of my disk before trying to recover my system. The Norton popups had disappeared but I needed my mail file and the other file--and I couldn't help but think what other important files I was missing, so I decided that I needed to restore the disk image. I knew that I would get the Norton popups on Trojan.Viknok Activity 3 after reverting back ...

A:Trojan.Viknok Activity 3 - error popup from Norton 360

Got impatient while waiting for a reply and decided to run scans *again*.
 
First ran a full scan by Norton 360.  Nothing was found.
 
Next ran Norton Power Eraser (NPE), including the rootkit scan.  This time, NPE found a problem with rpcss.dll and had a fix for it.  Allowed NPE to apply its fix and the incessant popups from Norton 360 have ceased.
 
I consider this issue closed.

http://www.bleepingcomputer.com/forums/t/539105/trojanviknok-activity-3-error-popup-from-norton-360/

I had Windows Defender and SpyBot S&D tell me I was infected with the Vundo Trojan. I was experiencing popups, slowdowns, along with not being able to update Windows or Defender. I used Windows Defender and SUPERAntiSpyware to remove it. After running SUPER my computer started running much smoother, but subsequent scans show the trojan may still be there. Then I found these forums. I ran the Vundo fix found on these forums and it said it couldn't detect Vundo.

Thank you in advance for any help. This is a great site and a wonderful service you provide. It is much appreciated.

Thank you,
Nick

A:Vundo Trojan, popup, disabeling Windows autoupdates

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run Deckard's System Scanner again, using the below instructions.

Go to Start->Run and copy/paste the following and click OK:

"%userprofile%\desktop\dss.exe" /daft

Click on Scan. Check the boxes which should appear for these entries:

.cpl

Then click on Fix.

Click Scan again. You should get a message All Associations OK! Click Next, then Save Log and post this log in your next reply.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [DelayedLoad] C:\DOCUME~1\Nick\LOCALS~1\Temp\atmadm2.exe
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O20 - AppInit_DLLs: iavjwl.dll

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\mpxu.exe
c:\WINDOWS\system32\mpx.exe
C:\Program Files\SoftwareRevenue.org\
C:\WINDOWS\system32\mi2.exe

Go to http://www.bleepingcomputer.com/comb...o-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

http://www.techsupportforum.com/forums/f284/vundo-trojan-popup-disabeling-windows-autoupdates-276095.html

Hi.
I am getting a small pop up every few seconds from my Norton software in the bottom right corner of my screen that says Norton blocked an attack by: System Infected:  Trojan.Viknok Activity 3.
I have already run virus software updates and a full scan. Ran Norton Power Eraser but it came back with a message about reinstalling the Windows software dll file or something to that effect.
 
If I click on view details, it shows an IP address and some other info about the virus.
 
I am not a computer pro so would appreciate any step-by-step instructions on how to get rid of this.  Thank you!

A:Trojan.viknok Activity 3 popup blocked message from Norton

Hi lego7191 and Welcome to BleepingComputer! I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post. Next time when you get another pop-up from Norton alerting you about the infection, can you click View Details and copy and paste the contents into your next reply? Also, can you tell me what operating system you are running and if it's 32 or 64 bit? If you are unsure what your system bit type is, click Here for help.

http://www.bleepingcomputer.com/forums/t/539941/trojanviknok-activity-3-popup-blocked-message-from-norton/

I have had my anti-virus Avast continuously popup saying I have a trojan. I delete it and then run XoftSpy SE; it also detects vundo and winfixer and Downloader-new Juan/VM. I have also run SUPERAntiSpyware. It also tries to remove it all, to find out it is still on there. I have also run Stinger; it found nothing. I am running Windows XP. Also, when I do this, there are others who also have different user names on it; do I need to access each user and repeat the process for each user? Sorry, not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these are a real pain because they just keep popping up.

A:Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,
* Download ComboFix from here. **Save it to your desktop**
In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
* Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".
When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

http://www.bleepingcomputer.com/forums/t/115034/infected-with-trojan-winfixertrojan-downloader-new-juanvm-and-vundo/
Relevancy 89.01%

Hello,
I have Trojan Vundo and Trojan Conhook on a user's system. I have run Trend Micro Worry Free Advanced several times to remove them, but it always says that it cannot quarantine the files that are found. There is also the popup that says "you are infected with a virus and should run 360 now to remove", which, I believe, is still the virus itself. The Windows automatic update is disabled and will not start. All of the commands in services are disabled, to start, stop, etc...

I have downloaded Hijack this, and Combofix, but am not familiar with using them enough to troubleshoot the problems. Can anyone help?

A:Trojan Vundo and Trojan Conhook 360 popup

Moving from the HiJack This forum to the Am I Infected forum as there are no logs. ~ OB

http://www.bleepingcomputer.com/forums/t/199018/trojan-vundo-and-trojan-conhook-360-popup/
Relevancy 87.72%

I've been receiving a Run DLL error message upon starting up my computer. This started earlier today after I received a vundo trojan notice from my ad-aware program. I've tried to use malwarebytes and superantispyware, both of which I already had installed on the computer, however both will not start anymore. Furthermore, the Malwarebytes shortcut was automatically deleted/disabled upon receiving this notification. I have tried to start up my system in safe-mode but something is preventing me from doing so. When trying, I noticed after having to start normally some boot cleaning process started up before the windows desktop appeared.

I have since downloaded spyware doctor from the google pack and ran scans that showed the trojan among other things, which I performed the remove and quarantine process. After that I downloaded spy bot search and destroy and ran the scan and it showed my computer to be clear. However, I am still receiving the Run DLL error as well as not being able to run Malwarebytes or Super Anti Spyware or start my system in safe mode.

This particular problem started today, however in the past week and a half I have had trojan problems stop my ability to run Malwarebytes in particular and start my computer in Safe-mode. I was able to solve the prior problems myself by downloading Super Anti Spyware to remove the "blocker" and then run Malwarebytes to remove whatever was left. It seems that I may have not gotten everything. The two prior instances were also Trojans but I don't recall the names. Also, I have noticed an increase in CPU usage looking at the task manager, though this could be due to the active spyware doctor and spybot protection. Don't know if this is relevant, but of the prior trojan problems one prevented me from opening the task manager and would make my desktop go blank (remove all icons and start bar, leaving only the background image), however I don't have that problem anymore after using superantispyware followed by Malwarebytes.

Hope this helps. I am not too versed with all of this. I would greatly appreciate any help.

A:Vundo Trojan and RUNDLL error popup (c:\windows\system32\fohiyute.dll) on startup

Hi dky,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do.

* Run Spybot-S&D
* Go to the Mode menu, and make sure Advanced Mode is selected
* On the left hand side, choose Tools -> Resident
* Uncheck Resident TeaTimer and OK any prompts
* Restart your computer.

Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

Note: If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Spyware Doctor.

Open your Malwarebytes' Anti-Malware.

* First update it; to do that, under the Update tab press "Check for Updates".
* Under Scanner tab select "Perform Quick Scan", then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/268200/vundo-trojan-and-rundll-error-popup-cwindowssystem32fohiyutedll-on-startup/
Relevancy 86.86%

also no hope with MS Defender, McAfee VirusScan. SuperAntiSpyware keeps detecting and removing Trojan Winfixer and Adware Vundo. Disconnected from Internet and scanned my computer with SuperAntiSpyware a dozen times, then SuperAntiSpyware is no longer able to detect these Trojans. Yet a.s.a. I connect to the internet, SuperAntiSpyware alerts with the same Trojan.

My laptop configuration: Dell m - CPU Duo Core x RAM x OS XP Home SP Browser IE FFox

Please kindly find below my HJT log. Looking forward to hearing from you

A:Infected With Adware.vundo, Trojan.winfixer (hjt Logged Included)

Hello teddybear_ab, I will be helping you with your problems.

If you could navigate to Start>My computer\C:\HijackThis\HijackThis.exe and then right click on it and select rename. Rename it to Demon.exe. Next run Demon.exe and choose "do a system scan and save a logfile". Please post the resultant log in a reply to this thread and I will take a look for you.

Thanks, DC

http://www.bleepingcomputer.com/forums/t/111972/infected-with-adwarevundo-trojanwinfixer-hjt-logged-included/
Relevancy 86.86%

Hi everyone, I hope someone can help. My PC got infected on Sunday. It's a red X symbol in the quick launch bar, and when you hover the mouse over the symbol the pop up box reads "Your computer is infected Windows has detcted spyware infection It is recommended to use special antispyware tools to pervent data loss Windows will now download and install the most up-to-date antispyware for you Click here to protect your computer from spyware".

I've gone through the procedures in the Preparation guide on this site but still had no luck getting rid of the virus. My F-secure antivirus programme has highlighted svchost.exe, Win perflogger and Trojan Downloader Win agent as possible risks but is unable to delete/disinfect any of these. I've attached the Hijack log; any help would be greatly appreciated.

On a side note, for some reason my keyboard won't operate in the boot screen before entering safe mode, so I can't get into safe mode to make any changes. It's a Logitech keyboard - its power lights don't seem to come on until the Windows XP symbol is already on the screen.

Thanks in advance

A:Your computer infected Popup Red X - Trojan?

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".) Double-click ResetTeaTimer.bat and let it run. This will only take a few seconds.

Then,

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/174403/your-computer-infected-popup-red-x-trojan/
Relevancy 86%


A:Infected By The Winzix Trojan Causing The Ad Popup

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

http://www.bleepingcomputer.com/forums/t/130335/infected-by-the-winzix-trojan-causing-the-ad-popup/
Relevancy 86%

I have what seems to be a trojan that I can't get rid of - in that it looks like a program - "Total Security" but I can't uninstall it and it keeps popping up. The below description (not mine - from malwarebytes forum) is exactly the same thing that happens to me:

"If I let the computer sit idle for about minutes a blue screen appears that says a problem was detected and windows has been shut down to prevent damage, a process or thread crucial to system operation has unexpectedly exited or been terminated, blah blah, remove any hardware or software, disable BIOS memory options such as caching or shadowing, use safe mode. Technical information: stop -- x f x x cada x caf x d c beginning dump of physical memory, physical memory dump complete, contact administrator (this is an abbreviated version)"

Please help

A:Infected with Total Security trojan / popup

I ran Combofix while I was waiting... Here's the log... I have attached it as well, just in case... Hope someone can help!

http://www.bleepingcomputer.com/forums/t/260205/infected-with-total-security-trojan-popup/
Relevancy 85.14%


A:Solved: Gateway-Slow-Norton Trojan popup wont go away-insufficient memory error alot-<hugs>

https://forums.techguy.org/threads/solved-gateway-slow-norton-trojan-popup-wont-go-away-insufficient-memory-error-alot-hugs.456934/
I'm guessing this is a precursor to the Vundo virus from the couple things I've read, so if anybody can help me get rid of it I'd appreciate it. Here's my HJT log.

A:Getting Winfixer popup

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double click on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:
Type in the file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\ssqro.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second file path as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\orqss.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll

After you have fixed these items, close HijackThis and Press any key to force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
 

https://forums.techguy.org/threads/getting-winfixer-popup.415664/
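
The reply above has the user fix two HijackThis entries that point at the same system32 DLL, once as a BHO (O2) and once as a Winlogon Notify (O20), and then supply a second path whose file name is the first one reversed. As an added example (not part of the original thread or of any tool named in it), this Python script flags that pairing in a HijackThis log and derives the companion wildcard. The sample log is constructed, and `triage` and `reversed_companion` are hypothetical names; the reversed-name relationship is taken from this thread's two paths only and is an assumption anywhere else.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample log. The two ssqro.dll lines are the entries quoted in the
# reply above; every other line (and the zeroed CLSID) is made up for the demo.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: exampledrv - C:\WINDOWS\system32\exampledrv.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>", optionally followed by "(file missing)".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
# "O20 - Winlogon Notify: <name> - <path>", same optional suffix.
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?: \(file missing\))?$"
)


def parse_entries(log_text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", O2_RE), ("O20", O20_RE)):
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "line": line, **match.groupdict()})
                break
    return entries


def is_system32_dll(path):
    """True when the path is a .dll sitting directly in a system32 directory."""
    directory, filename = ntpath.split(ntpath.normcase(path))
    return ntpath.basename(directory) == "system32" and filename.endswith(".dll")


def reversed_companion(path):
    """Wildcard for a companion file named with the DLL's stem reversed.

    Assumption drawn from this thread only: the reply pairs ssqro.dll with orqss.*.
    """
    directory, filename = ntpath.split(path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(directory, stem[::-1] + ".*")


def triage(log_text):
    """Flag system32 DLLs registered both as a BHO and as a Winlogon Notify.

    A match is a lead for an analyst to review, not a verdict on the file.
    """
    by_path = defaultdict(list)
    for entry in parse_entries(log_text):
        # Windows paths are case-insensitive, so group on the normalised form.
        by_path[ntpath.normcase(entry["path"])].append(entry)

    findings = []
    for key in sorted(by_path):
        group = by_path[key]
        sections = {entry["section"] for entry in group}
        if sections == {"O2", "O20"} and is_system32_dll(key):
            findings.append({
                "dll": group[0]["path"],
                "fix_lines": [entry["line"] for entry in group],
                "companion_glob": reversed_companion(group[0]["path"]),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("Review:", finding["dll"])
        for line in finding["fix_lines"]:
            print("  entry:", line)
        print("  companion files to look for:", finding["companion_glob"])
```
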
Hello all, I am new to the forum and am a true novice with computers, so I apologize for my ignorance in advance. My Symantec scan all of a sudden has stopped working and I receive a prompt that "it may be improperly installed". I have also recently begun receiving pop up windows for bogus registry cleaners as well as ones that claim my PC has been "struck by a virus". This is shortly followed by excessive ad popups and then ultimately my computer shuts off with the blue screen that says "panic stack switch" or "k mode exception not handled" or "bogus drivers". Here are the log files for hijack this and rsit. I really appreciate the help. Thanks

A:Winfixer ad popup

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please reboot into Safe Mode
In Safe Mode, right click the SDFix.zip folder and choose Extract All. A new folder will be extracted to your %systemdrive%, typically C:\SDFix
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..
Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..
Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

Post these logs in your next reply..
1. SDFix
2. ComboFix
3. A fresh HijackThis log..

http://www.bleepingcomputer.com/forums/t/183158/winfixer-ad-popup/
I am hoping someone can help me remove this very nasty browser hijacker. I was running spyware, antivirus, had a firewall up and still it got through. I have since tried removing it with everything and nothing has worked. Just like the many other people who have caught this bug, I am getting the winfixer popups and various other casino, porn, etc. popups. I am a novice at HijackThis and rather than cause myself more problems I figured I'd ask someone who would know how to fix this thing. Below is the HijackThis log after I have run every scan under the sun. Thank you for your help.

A:Winfixer Ad Popup

Hi Lisagal,
Welcome to BC.

Please download vundofix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log, please

http://www.bleepingcomputer.com/forums/t/45749/winfixer-ad-popup/
Hi, this is my first post to this forum. Got hit by Winfixer last night; already got a desktop going crazy because of it, but having it on my laptop is intolerable. So I found you guys. Hopefully someone can help me out. I scanned, prodded and poked it with all kinds before I ran HJT. I'm hoping it's already gone, but just so I know, can someone have a look at my HJT output? Thanks, Shadowless

A:Winfixer Popup

shadowless,
Welcome to the BleepingComputer Forums, I will be reviewing your HJT log.

Please read "ALL" of the instructions before proceeding:
You will need to print out these instructions for a reference or you can save them by copying and pasting them into notepad and saving the text file to the desktop.
This process will take a few steps, please take your time and follow the directions in the order posted.
Please do not try to fix anything on your own, it will only make it harder to get you a resolution. If you don't understand something, please ask before performing any task.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Next please do the following:
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log by using Add Reply

Thanks,
rstones12

http://www.bleepingcomputer.com/forums/t/46451/winfixer-popup/
Not sure where this came from or when. Just started getting the winzipper popup window yesterday or the day before. Here is the hijack log file. Thanks. You folks are awesome.

A:Winfixer Ad Popup

Hi and Welcome to bleeping computer!! My name is David.

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal!

Please download ewido security suite, it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Then reboot your computer - IMPORTANT
Then post a new HJT log

David

http://www.bleepingcomputer.com/forums/t/36157/winfixer-ad-popup/
Relevancy 85.14%

Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP

A:Winfixer Ad Popup

Hi and welcome to BleepingComputer. I'm Jet Ian, and I will be handling your log to help you get it cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

We also recommend that you Subscribe to this thread so that when I or the other experts reply, you will get an email notification. To do this: Click on then and make sure you set it to Immediate Email Notification.

http://www.bleepingcomputer.com/forums/t/53515/winfixer-ad-popup/
Relevancy 85.14%

Hi, I keep getting these popups and IE is redirected to winfixer sites. Here's my log, thanks in advance.

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP

A:Winfixer popup

Hello jphaneuf,

You have several nasty infections on this computer, so this may take several runs. You have Winpatrol installed, so you will have to disable it while we do the Hijackthis fixes. You have a LOP infection caused by installing Messenger Plus along with the Sponsor program tied to it.

Uninstall Messenger Plus via Add/Remove in your control panel.
Use Windows Explorer to find: C:\Program Files\Messenger Plus!\MsgPlus.exe
Delete the entire MessengerPlus folder.
Reinstall MessengerPlus AFTER WE CLEAN UP if you want to use it, only this time make sure you uncheck the Sponsor box.

Print out these instructions as we will need to shutdown every window that is open later in the fix.

Please download and update Adaware SE 1.06.r1. Do not run this now as we will use it later.
Adaware tutorial: Adaware SE Tutorial
Download Process Explorer by Sysinternals and extract it to your desktop. Do not run this now as we will use it later.
Download KillBox and extract it to your desktop. Do not run this now as we will use it later.
Download FixVundo.reg and save it to your desktop. Do not run this now as we will use it later.
Download CCleaner and install it (default location is best). Do not run this now as we will use it later.

Reboot your computer into Safe Mode.

*******************************************
Double-click on procexp.exe, which is the Process Explorer that we downloaded earlier.
In the top section of the Process Explorer screen double-click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of the vtstu.dll and click on the kill button.
If you see any files listed that are the same name but end with .bak or .ini or are the name in reverse, you can kill those as well.
After you have killed all of the instances of the vtstu.dll under winlogon click on the OK button.
Now double-click on explorer.exe, select the Threads tab, and again click once on each instance of the vtstu.dll. Once they are highlighted click on the Kill button. When this is done, click on the OK button again.

*******************************************
Now run HijackThis, close all windows, and press the Scan button.
Place a check next to each of the entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Justin\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\vtstu.dll
O20 - Winlogon Notify: disk - C:\WINDOWS\system32\diskperff.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\system32\winstyle2.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll

Once all the entries are checked, press the Fix button and then exit HijackThis.

*******************************************
Now double-click on the FixVundo.reg file that you downloaded earlier and allow it to merge the information.

*******************************************
Killbox tutorial: http://forum.malwareremoval.com/viewtopic.php?t=320
Download KillBox to the desktop, that can be found here: http://www.downloads.subratam.org/KillBox.exe
Run Killbox program, in the field labeled "Full Path of File to Delete" enter
C:\WINDOWS\system32\vtstu.dll
select the "Delete on Reboot" and click on the Red X (delete file), when it asks if you would like to Reboot now, press the No button.
Repeat with these:
C:\WINDOWS\system32\diskperff.dll
For last file, in the field labeled "Full Path of File to Delete" enter
C:\WINDOWS\system32\winstyle2.dll
select the "Delete on Reboot" and click on the Red X (delete file), whe...

http://www.bleepingcomputer.com/forums/t/30770/winfixer-popup/
Relevancy 85.14%

I'd really appreciate some help getting rid of a winfixer popup. I ran Spybot S&D and Ad-Aware using the tutorials recommended settings, but it keeps coming back. This is the winfixer URL that keeps opening in a new browser window on my pc (sometimes a gray popup box appears first): http www winfixer com pages scanner inde ed ex ax

I'm using a HP Pavilion pc, OS is WinXP home edition with I E browser. I have AVG & ZA firewall & SpywareBlaster installed. I'm using Earthlink dialup as my ISP and using Earthlink Mailbox. I believe with detailed instructions I'm proficient enough to make changes to my Registry Keys if needed.

Thanks,
Rose

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP

A:Winfixer Popup

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files.
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.

It should look like this:
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net

At this point press enter one time.

Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\provisioning\cattask.dll Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\provisioning\ksattac.*
This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run, then HijackThis will open.
In HiJackThis, please place a check next to the following items:

O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\System32\BhoSSafe.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\provisioning\cattask.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O20 - Winlogon Notify: cattask - C:\WINDOWS\provisioning\cattask.dll

and click FIX CHECKED.

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
Once your machine reboots please continue with the instructions below.

Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK.
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

http://www.bleepingcomputer.com/forums/t/30204/winfixer-popup/
Relevancy 85.14%
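The reply above selects entries where the same DLL is registered as both a Browser Helper Object (O2) and a Winlogon Notify package (O20), and derives the companion file pattern by reversing the DLL's name. The following is an added example, not code from the thread or from any tool it mentions: a read-only triage of HijackThis text lines that lists those entries for an analyst. The function names are hypothetical, and treating "O2 plus O20 on one DLL" as the signal is an assumption drawn only from the two replies on this page.

```python
import ntpath
import re

# Entries quoted in the reply above, in HijackThis text format.
SAMPLE_LOG = r"""
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\System32\BhoSSafe.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\provisioning\cattask.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: cattask - C:\WINDOWS\provisioning\cattask.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
MISSING_SUFFIX = "(file missing)"


def parse_entries(text):
    """Return one dict per O2/O20 line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        kind, match = "bho", BHO_RE.match(line)
        if not match:
            kind, match = "winlogon_notify", NOTIFY_RE.match(line)
        if not match:
            continue
        target = match.group("target").strip()
        missing = False
        if target.lower() == "(no file)":
            path, missing = None, True          # registration with no DLL at all
        elif target.lower().endswith(MISSING_SUFFIX):
            path, missing = target[: -len(MISSING_SUFFIX)].rstrip(), True
        else:
            path = target
        entries.append({
            "kind": kind,
            "name": match.group("name"),
            "clsid": match.groupdict().get("clsid"),  # None for O20 lines
            "path": path,
            "missing": missing,
        })
    return entries


def reversed_companion(path):
    """cattask.dll -> ksattac.* in the same directory, as the reply describes."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return ntpath.join(ntpath.dirname(path), stem[::-1] + ".*")


def triage(text):
    """Summarise entries worth a closer look; nothing on disk is touched."""
    entries = parse_entries(text)
    by_path = {}
    for entry in entries:
        if entry["path"]:
            # Windows paths are case-insensitive, so key on the lowered form.
            slot = by_path.setdefault(
                entry["path"].lower(), {"path": entry["path"], "kinds": set()}
            )
            slot["kinds"].add(entry["kind"])
    dual = sorted(
        slot["path"] for slot in by_path.values()
        if slot["kinds"] == {"bho", "winlogon_notify"}
    )
    orphaned = [e["clsid"] or e["name"] for e in entries if e["path"] is None]
    return {
        "dual_registered": dual,
        "orphaned": orphaned,
        "companions": {p: reversed_companion(p) for p in dual},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for dll in report["dual_registered"]:
        print("BHO + Winlogon Notify:", dll, "| companion pattern:", report["companions"][dll])
    for clsid in report["orphaned"]:
        print("Registration without a file:", clsid)
```
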

I am so sick of Winfixer. It's not even funny. Whenever I turn on my computer to go on the internet, Winfixer is there and pops up and opens all these prompts and windows. It's seriously annoying, as you all know.

ALSO: Now whenever I turn on my computer, as it's booting up to the desktop, the "Web page unavailable while offline" window pops open multiple times, and when you close it opens up - windows. Of course the server cannot be found, THANKFULLY, because the internet is connected when I turn it on. And I don't know if this is a part of Winfixer or some other form of adware, but pop-ups keep showing up randomly for Sexbuddiesadultfriendfindergofish vo llnwd. And a whole lot of other ones I can't think of right now. It's getting so bad, the other day my mother (who isn't very internet savvy, so my brother and I watch her as she's on) was checking her mail and some porn link pops open on the window. SOMEONE PLEASE HELP. And also my Ad-Aware program freezes up when it reaches a certain number.

Here is my HiJackThis log:

Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP

A:Winfixer Ad Popup

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/40547/winfixer-ad-popup/
Relevancy 85.14%

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v

A:Winfixer Ad Popup

Hello and welcome to BC. Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log taken after a reboot.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/89929/winfixer-ad-popup/
Relevancy 85.14%

i am having trouble with this winfixer ad popping up here is my hijack log please help Winfixer Popup Ad me Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS Winfixer Ad Popup system svchost exeC WINDOWS System svchost exeC WINDOWS system spoolsv exeC Program Files Symantec Winfixer Ad Popup LiveUpdate ALUSchedulerSvc exec Program Files Common Files LightScribe LSSrvc exec program files mcafee com agent mcdetect exec PROGRA mcafee com agent mctskshd exeC Program Files Common Files Microsoft Shared VS DEBUG MDM EXEC PROGRA McAfee com PERSON MpfService exeC PROGRA McAfee SPAMKI MSKSrvr exeC WINDOWS Explorer EXEC WINDOWS system svchost exeC Program Files Java j re bin jusched exeC windows system hpsysdrv exeC Program Files Java j re bin jucheck exeC WINDOWS system hkcmd exeC WINDOWS AGRSMMSG exeC HP KBD KBD EXEC Program Files Common Files Real Update OB realsched exeC hp drivers hplsbwatcher lsburnwatcher exeC WINDOWS SOUNDMAN EXEC WINDOWS ALCWZRD EXEC WINDOWS ALCMTR EXEC Program Files HP HP Software Update HPWuSchd exeC Program Files QuickTime qttask exeC Program Files Ulead Systems Ulead Photo Explorer SE Basic Monitor exeC WINDOWS system hphmon exeC PROGRA MUSICM MUSICM MMDiag exeC Program Files Viewpoint Viewpoint Manager ViewMgr exeC PROGRA mcafee com agent mcagent exeC WINDOWS system wwSecure exeC PROGRA McAfee com PERSON MpfTray exeC PROGRA McAfee SPAMKI MskAgent exeC WINDOWS system ctfmon exeC Program Files MUSICMATCH MUSICMATCH Jukebox mim exeC Program Files HP Digital Imaging bin hpqtra exeC Program Files Yahoo Messenger ymsgr tray exeC PROGRA McAfee com PERSON MpfAgent exeC Program Files MSN Messenger msnmsgr exeC WINDOWS system drwtsn exeC WINDOWS system drwtsn exeC Program Files Internet Explorer iexplore exeC DOCUME HP Owner LOCALS Temp Temporary Directory for 
hijackthis zip HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TYPE t lion pf desktopR - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TYPE t lion pf desktopR - HKCU Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaul rch search htmlR - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Internet Explorer SearchURL Default http us rd yahoo com customize ie defaul www yahoo comR - URLSearchHook no name - A FAF - E- cf- - F A D - no file O - BHO no name - DBDAC - - - E A- C AB BC - C WINDOWS system awtsp dll file missing O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dllO - BHO McAfee AntiPhishing Filter - D ED - CFF- - A - EBB AF - c program files mcafee spamkiller mcapfbho dllO - BHO MSEvents Object - B DFC -AAFC- -B - B C - C WINDOWS system mllmn dll file missing O - BHO UberButton Class - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dllO - BHO YahooTaggedBM Class - D A - CA - B-BB - D EFB A - C Program Files Yahoo Common YIeTagBm dllO - BHO WTLHelper Object - D B - C C- - D F- B CC - C WINDOWS system ddccc dllO - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dllO - Toolbar HP view - B E - D D- DEB- B - D BCF F - c Program Files HP Digital Imaging bin HPDTLK dllO - Toolbar AOL Toolbar - D A-C B- -B B-B B E D C - C Program Files AOL Toolbar toolbar dllO - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dllO - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dllO - HKLM Run SunJavaUpdateSched C Program Files Java j re bin jusched exeO - HKLM Run hpsysdrv c 
windows system h...

A: Winfixer Ad Popup

You will need to post your log in the HijackThis forum here at Bleeping Computer. Also, I can tell you that you need to get a different log, because you are running HJT from a temp location and this is a no-no! Closely follow the directions in the preparation guide.

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum, you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!

http://www.bleepingcomputer.com/forums/t/46644/winfixer-ad-popup/

Here is my log. Can you guys please help me? It just started randomly. Thank you guys in advance.

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS System Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C Program Files Intel Modem Event Monitor IntelMEM exe C Program Files Creative SBAudigy Surround Mixer CTSysVol exe C Program Files Creative SBAudigy DVDAudio CTDVDDet EXE C Program Files Dell Media Experience PCMService exe C Program Files MySoftware MyInvoices tracker exe C WINDOWS System DSentry exe C WINDOWS system dla tfswctrl exe C Program Files Common Files Real Update OB realsched exe C Program Files Microsoft AntiSpyware gcasServ exe C Program Files iTunes iTunesHelper exe C PROGRA Grisoft AVGFRE avgcc exe C WINDOWS system ctfmon exe C PROGRA Grisoft AVGFRE avgamsvr exe C PROGRA Grisoft AVGFRE avgupsvc exe C PROGRA Grisoft AVGFRE avgemc exe C WINDOWS webshots scr C Program Files Yahoo WidgetEngine YahooWidgetEngine exe C WINDOWS System CTsvcCDA exe C Program Files Microsoft AntiSpyware gcasDtServ exe C Program Files Executive Software DiskeeperServer DKService exe C Program Files Common Files EPSON EBAPI SAgent exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Yahoo WidgetEngine YahooWidgetEngine exe C Program Files Microsoft SQL Server MSSQL MICROSOFTBCM Binn sqlservr exe C Program Files Yahoo WidgetEngine YahooWidgetEngine exe C Program Files Yahoo WidgetEngine YahooWidgetEngine exe C WINDOWS System svchost exe C WINDOWS System MsPMSPSv exe C WINDOWS system svchost exe C Program Files iPod bin iPodService exe C WINDOWS System svchost exe C Program Files Internet Explorer iexplore exe C WINDOWS 
system DllHost exe C Program Files AIM aim exe C Program Files Internet Explorer iexplore exe C Program Files HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKLM Software Microsoft Internet Explorer Main Start Page http www dell me com myway O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO RawExecAction Object - -E AB- BA - E D- B CECA - C WINDOWS system geebc dll O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run ATIModeChange Ati mdxx exe O - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exe O - HKLM Run IntelMeM C Program Files Intel Modem Event Monitor IntelMEM exe O - HKLM Run CTSysVol C Program Files Creative SBAudigy Surround Mixer CTSysVol exe O - HKLM Run CTDVDDet C Program Files Creative SBAudigy DVDAudio CTDVDDet EXE O - HKLM Run UpdReg C WINDOWS UpdReg EXE O - HKLM Run PCMService quot C Program Files Dell Media Experience PCMService exe quot O - HKLM Run Tracker C Program Files MySoftware MyInvoices tracker exe O - HKLM Run DVDSentry C WINDOWS System DSentry exe O - HKLM Run dla C WINDOWS system dla tfswctrl exe O - HKLM Run AsioReg REGSVR EXE S CTASIO DLL O - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osboot O - HKLM Run gcasServ quot C Program Files Microsoft AntiSpyware gcasServ exe quot O - HKLM Run UpdateManager quot C Program Files Common Files Sonic Update Manager sgtray exe quot r O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run AVG CC C PROGRA Grisoft AVGFRE avgcc exe 
STARTUP...


Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared SPBBC SPBBCSvc exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS system spoolsv exeC Program Files ewido anti-malware ewidoctrl exeC Program Files ewido anti-malware ewidoguard exeC Program Files Norton AntiVirus navapsvc exeC Program Files Norton AntiVirus IWP NPFMntor exeC WINDOWS System svchost exeC Program Files Webroot Spy Sweeper WRSSSDK exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC WINDOWS Explorer EXEC Program Files Digital Media Reader shwiconem exeC WINDOWS system spool drivers w x hpztsb exeC Program Files Common Files Symantec Shared ccApp exeC Program Files Visual Networks Visual IP InSight SBC IPClient exeC Program Files Visual Networks Visual IP InSight SBC IPMon exeC Program Files Webroot Spy Sweeper SpySweeper exeC Program Files iTunes iTunesHelper exeC Program Files QuickTime qttask exeC Program Files iPod bin iPodService exeC Program Files Messenger msmsgs exeC Program Files AIM aim exeC Program Files BigFix BigFix exeC Program Files Yahoo Messenger ymsgr tray exeC Program Files Hewlett-Packard Digital Imaging bin hpobnz exeC Program Files Hewlett-Packard Digital Imaging bin hpotdd exeC PROGRA Yahoo browser ycommon exeC Program Files Hewlett-Packard Digital Imaging bin hpoevm exeC Program Files Internet Explorer iexplore exeC WINDOWS system HPZipm exeC Program Files Hewlett-Packard Digital Imaging Bin hpoSTS exeC Program Files Juno bin juno exeC Program Files HijackThis HijackThis exeR - HKLM Software Microsoft Internet Explorer Main 
Default Page URL http www emachines comR - HKLM Software Microsoft Internet Explorer Main Start Page http www emachines comO - BHO ATLDistrib Object - FCBC- D- B- BF - C FBEB - C WINDOWS system awvtq dllO - BHO no name - B CA - A - D -A DF- BB - no file O - BHO UberButton Class - BAB B B- BC- B - D - FC DE A - C Program Files Yahoo Common yiesrvc dllO - BHO YahooTaggedBM Class - D A - CA - B-BB - D EFB A - C Program Files Yahoo Common YIeTagBm dllO - BHO CNavExtBho Class - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dllO - BHO no name - FDD B - D - ffb- - B AD ACC - no file O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dllO - HKLM Run SunKistEM C Program Files Digital Media Reader shwiconem exeO - HKLM Run HPDJ Taskbar Utility C WINDOWS system spool drivers w x hpztsb exeO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run RecoverFromReboot C WINDOWS Temp RecoverFromReboot exeO - HKLM Run IPInSightLAN quot C Program Files Visual Networks Visual IP InSight SBC IPClient exe quot -lO - HKLM Run IPInSightMonitor quot C Program Files Visual Networks Visual IP InSight SBC IPMon exe quot O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe ConsumerO - HKLM Run SpySweeper quot C Program Files Webroot Spy Sweeper SpySweeper exe quot startintrayO - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottimeO - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot backgroundO - HKCU Run AIM C Program Files AIM aim exe -cnetwait odlO - HKCU Run Yahoo Pager quot C Program Files Yahoo Messenger ypager exe quot -quietO - Global Startup BigFix lnk C Program Files BigFix BigFix exeO - Global Startup hp psc Series lnk C Program Files Hewlett-Packard Digital Imaging bin hpobnz exeO - Global Startup hpoddt exe lnk O - Global Startup Microsoft 
Of...

A: Winfixer Ad Popup

Hi and welcome to BleepingComputer. I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread ( click on then ) so that you are notified when you receive a reply. Please be patient with me during this time.

http://www.bleepingcomputer.com/forums/t/42088/winfixer-ad-popup/

Hey, I have been having a lot of problems with this winfixer popup which pops up every time I browse the net. It opens up a new window for winfixer and an alert saying that there are problems in my registry that winfixer is needed to fix. It also tries to get me to download the winfixer product. It is driving me insane. I would greatly appreciate any help I could get. These are the results of a HijackThis scan of my computer:

Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System S EvMon exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system rundll exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS System igfxtray exe C WINDOWS System hkcmd exe C Program Files Synaptics SynTP SynTPLpr exe C Program Files Norton AntiVirus navapsvc exe C WINDOWS System RegSrvc exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS AGRSMMSG exe C Program Files Battery miser batterymiser exe C Program Files On Screen Display Hotkey exe C Program Files QuickTime qttask exe C Program Files Common Files Symantec Shared ccApp exe C Program Files CyberLink PowerDVD PDVDServ exe C Program Files Java jre bin jusched exe C Program Files IP Operator IPOperator exe C PROGRA PANICW POP-UP PSFree exe C Program Files Kodak Kodak EasyShare software bin EasyShare exe C Program Files Norton AntiVirus SAVScan exe C WINDOWS System wuauclt exe C Program Files MSN Messenger msnmsgr exe C Program Files Spyware Doctor swdoctor exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Hijackthis HijackThis exe C Program Files Messenger msmsgs exe O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C 
Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C Program Files Spybot - Search amp Destroy SDHelper dll O - BHO PCTools Site Guard - C B A - DB - A -A CB-D BBFEB - C PROGRA SPYWAR tools iesdsg dll O - BHO PCTools Browser Monitor - B A D D- - C -A - DF C AC - C PROGRA SPYWAR tools iesdpb dll O - BHO NAV Helper - BDF E -B - AD-A -FADC B - C Program Files Norton AntiVirus NavShExt dll O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Program Files Norton AntiVirus NavShExt dll O - HKLM Run IgfxTray C WINDOWS System igfxtray exe O - HKLM Run HotKeysCmds C WINDOWS System hkcmd exe O - HKLM Run SynTPLpr C Program Files Synaptics SynTP SynTPLpr exe O - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exe O - HKLM Run AGRSMMSG AGRSMMSG exe O - HKLM Run batterymiser C Program Files Battery miser batterymiser exe O - HKLM Run KeybdUtility quot C Program Files On Screen Display Hotkey exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run RemoteControl quot C Program Files CyberLink PowerDVD PDVDServ exe quot O - HKLM Run NeroFilterCheck C WINDOWS system NeroCheck exe O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exe Consumer O - HKLM Run SSC UserPrompt C Program Files Common Files Symantec Shared Security Center UsrPrmpt exe O - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exe O - HKLM Run IPOperator quot C Program Files IP Operator IPOperator exe quot -aUtOsTaRtFrOmReG O - HKCU Run Spyware Doctor quot C Program Files Spyware Doctor swdoctor exe quot Q O - HKCU Run PopUpStopperFreeEdition quot C PROGRA PANICW POP-UP PSFree exe quot O - Global Startup Kodak EasyShare software lnk C Program Files Kodak Kodak EasyShare software bin EasyShare exe O - Global Startup 
Mic...


Help, I can't seem to get the stupid winfixer off my comp.

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system Ati evxx exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system ACS exeC Program Files Common Files Symantec Shared ccProxy exeC WINDOWS Explorer EXEC Program Files Common Files Symantec Shared ccSetMgr exeC PROGRA SYMANT Symantec Client Firewall ISSVC exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared ccEvtMgr exeC WINDOWS system spoolsv exeC Program Files TOSHIBA Power Management CeEPwrSvc exeC Program Files TOSHIBA ConfigFree CFSvcs exeC PROGRA SYMANT Symantec AntiVirus DefWatch exeC WINDOWS system DVDRAMSV exeC WINDOWS system svchost exeC PROGRA SYMANT Symantec Client Firewall SymSPort exeC Program Files ATI Technologies ATI Control Panel atiptaxx exeC Program Files TOSHIBA E-KEY CeEKey exeC Program Files TOSHIBA Power Management CePMTray exeC Program Files EzButton EzButton EXEC Program Files Apoint K Apoint exeC Program Files TOSHIBA TouchPad TPTray exeC Program Files TOSHIBA ConfigFree NDSTray exeC WINDOWS system dla tfswctrl exeC Program Files TOSHIBA Touch and Launch PadExe exeC Program Files ltmoh Ltmoh exeC WINDOWS AGRSMMSG exeC Program Files Common Files Real Update OB realsched exeC Program Files Common Files Symantec Shared ccApp exeC PROGRA SYMANT SYMANT VPTray exeC Program Files Lexmark Series lxcgmon exeC Program Files Lexmark Series ezprint exeC Program Files iTunes iTunesHelper exeC Program Files QuickTime qttask exeC Program Files TOSHIBA TOSCDSPD toscdspd exeC WINDOWS system ctfmon exeC Program Files iPod bin iPodService exeC Program Files Apoint K Apntex exeC WINDOWS system RAMASST exeC WINDOWS 
system lxcgcoms exeC PROGRA SYMANT Symantec AntiVirus Rtvscan exeC Program Files Internet Explorer iexplore exeC Documents and Settings louis liao Desktop hijackthis HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Search Page http www microsoft com isapi redir dll prd ie ar iesearchR - HKCU Software Microsoft Internet Explorer Main Start Page http www google ca R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www microsoft com isapi redir dll p er ar msnhomeR - HKLM Software Microsoft Internet Explorer Main Default Search URL http www microsoft com isapi redir dll prd ie ar iesearchR - HKLM Software Microsoft Internet Explorer Main Search Page http www microsoft com isapi redir dll prd ie ar iesearchR - HKLM Software Microsoft Internet Explorer Main Start Page http www google ca O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper ocxO - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dllO - BHO ATLDistrib Object - C C- DB - - BD -E C A AD - C WINDOWS system mljjk dllO - HKLM Run ATIPTA C Program Files ATI Technologies ATI Control Panel atiptaxx exeO - HKLM Run CeEKEY C Program Files TOSHIBA E-KEY CeEKey exeO - HKLM Run CeEPOWER C Program Files TOSHIBA Power Management CePMTray exeO - HKLM Run EzButton C Program Files EzButton EzButton EXEO - HKLM Run Apoint C Program Files Apoint K Apoint exeO - HKLM Run TPNF C Program Files TOSHIBA TouchPad TPTray exeO - HKLM Run NDSTray exe NDSTray exeO - HKLM Run dla C WINDOWS system dla tfswctrl exeO - HKLM Run PadTouch C Program Files TOSHIBA Touch and Launch PadExe exeO - HKLM Run LtMoh C Program Files ltmoh Ltmoh exeO - HKLM Run AGRSMMSG AGRSMMSG exeO - HKLM Run TkBellExe quot C Program Files Common Files Real Update OB realsched exe quot -osbootO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run vptray C PROGRA SYMANT SYMANT VPTray exeO - HKLM Run 
LXCGC...

A: Winfixer Popup Please Help

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/41677/winfixer-popup-please-help/

I have been afflicted with Winfixer pop-ups. I have McAfee spyware detector which keeps on popping up saying my PC is infected with Adware-Virtumundo, and under windows\system32 the jkhff.dll file shows. I can't clean, delete or move this file. I tried running ad-aware/stinger.. nothing. Tried to log in in safe mode but I can't, I just see a black screen and nothing. I have noticed it has something to do with IE and MSN Messenger. When I use Firefox, no problem, I don't see the pop-up which advertises its product saying "Install Winfix..."
Any help how I can clean this spyware, thanks.
 


I have the same happening on my computer in the last few days: the bottom bar disappearing, reappearing. It always comes back after a short time, maybe a minute. It started after I downloaded a big program, F-Secure. I think my problem may be caused by Memory Resources, a problem I had before and understand. Could this be your problem? Do you have a lot of programs loading, lots of little pictures that appear on the bottom of the bar? I am far from an expert on computers. But I know every picture or program that runs uses up some of the resources. Think of a man juggling apples. The more apples he adds to the circle flying above his head, the more likely it'll come crashing down. In my case, lots of the little pictures loading at the bottom of the bar I don't need to load, so I'm going to learn how to stop them from loading at all, turn them off. I'm not familiar with other computers, but on Windows ME you can look at Memory Resources by going to START, PROGRAMS, ACCESSORIES, SYSTEM TOOLS. There is a Resource Meter there. See if you can find yours. If you are having a problem, the meter should tell you. Maybe someone could tell you more about this.


WinFixer and other similar ads are starting to pop up on my screen constantly. Here is my HijackThis logfile, and I would appreciate any help. Thanks.

Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe c program files mcafee com agent mcdetect exe c PROGRA mcafee com vso mcshield exe c PROGRA mcafee com agent mctskshd exe c PROGRA mcafee com vso OasClnt exe C PROGRA Intel Wireless Bin XConfig exe C Program Files Intel Wireless Bin RegSrvc exe c program files mcafee com vso mcvsshld exe c progra mcafee com vso mcvsescn exe c program files mcafee com agent mcagent exe C Program Files Intel Wireless Bin ifrmewrk exe C Program Files QuickTime qttask exe C Program Files Messenger msmsgs exe c progra mcafee com vso mcvsftsn exe C Program Files Internet Explorer iexplore exe C WINDOWS system wuauclt exe C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKCU Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize yco search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http us rd yahoo com customize yco www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www dell me com myway R - HKLM Software Microsoft Internet Explorer Main Start Page http www dell 
me com myway R - HKCU Software Microsoft Internet Connection Wizard ShellNext http www dell me com myway O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO MSEvents Object - FC - E - D -AC - DCAA A D - C WINDOWS system mllmm dll O - Toolbar McAfee VirusScan - BA B -B - c -B - F F - c progra mcafee com vso mcvsshl dll O - HKLM Run IntelWireless C Program Files Intel Wireless Bin ifrmewrk exe tf Intel PROSet Wireless O - HKLM Run VSOCheckTask quot C PROGRA McAfee com VSO mcmnhdlr exe quot checktask O - HKLM Run MCAgentExe c PROGRA mcafee com agent mcagent exe O - HKLM Run MCUpdateExe C PROGRA mcafee com agent McUpdate exe O - HKLM Run VirusScan Online C Program Files McAfee com VSO mcvsshld exe O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run OASClnt C Program Files McAfee com VSO oasclnt exe O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - Global Startup Adobe Reader Speed Launch lnk C Program Files Adobe Acrobat Reader reader sl exe O - Extra context menu item E amp xport to Microsoft Excel - res C PROGRA MICROS OFFICE EXCEL EXE O - Extra button no name - B E C - FCB- CF-AAA - C - C Program Files Java j re bin npjpi dll O - Extra 'Tools' menuitem Sun Java Console - B E C - FCB- CF-AAA - C - C Program Files Java j re bin npjpi dll O - Extra button Research - B - CC- C -B BE- C C A - C PROGRA MICROS OFFICE REFIEBAR DLL O - Extra button no name - CD F -D E - d - FE- C F AFE - no file O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - DPF - E - D - - ED Support com Configuration Class - http support fastaccess com sdccom ad tgctlcm cab O - DPF AEEDE - - FB -A FE- BFF EF FC McAfee Virtual Technician 
Control...

A: WinFixer popup among others...

Download VirtumundoBeGone to your desktop.

* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Click Run if asked
* Click Start
* Click Yes

When it's done, reboot and post the log that is created on your desktop called VBG.TXT.

---------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
---------------------------------

Please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.

* Tick - Show hidden files and folders
* Untick - Hide file extensions for known types
* Untick - Hide protected operating system files

--------------------------------

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\WINDOWS\system32\mllmm.dll

---------------------------------

Go to Start> Run - type cleanmgr (this starts Windows Disk Cleanup)

1. Select Drive C: & click the 'OK' button
2. Select the following options:
* Temporary Internet Files
* Recycle Bin
* Temporary Files
3. Click the 'OK' button

Restart your system. Run a new scan with HJT, and post that log here.

http://www.techsupportforum.com/forums/f100/winfixer-popup-among-others-75258.html
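The reply above asks for an O2 (BHO) line and an O20 (Winlogon Notify) line that point at the same DLL to be fixed. As an added example that is not part of the original thread, the sketch below parses well-formed HijackThis O2/O3/O20 lines and flags that pairing, plus entries whose target is `(no file)` or `(file missing)`. The function names, the two flag labels and the sample log are assumptions of this example; only the two `mllmm.dll` lines come from the reply.

```python
import re

# O2/O3 lines: "O2 - BHO: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<code>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <name> - <target>"
NOTIFY_RE = re.compile(
    r"^(?P<code>O20) - Winlogon Notify: (?P<name>.*?) - (?P<target>.+)$"
)
MISSING_SUFFIX = " (file missing)"

# Constructed sample: the two mllmm.dll lines are the ones quoted in the reply;
# the other entries and their all-zero CLSIDs are made-up placeholders.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""


def parse_entries(log_text):
    """Return one dict per O2, O3 or O20 line; every other line is skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line) or NOTIFY_RE.match(line)
        if not match:
            continue
        entry = match.groupdict()
        target = entry["target"].strip()
        # HijackThis marks unresolved targets with "(no file)" or "(file missing)".
        entry["missing"] = target == "(no file)" or target.endswith(MISSING_SUFFIX)
        if target.endswith(MISSING_SUFFIX):
            target = target[: -len(MISSING_SUFFIX)]
        # Windows paths are case-insensitive, so compare them lower-cased.
        entry["path"] = None if target == "(no file)" else target.lower()
        entry["line"] = line
        entries.append(entry)
    return entries


def triage(log_text):
    """Return (reason, original line) pairs for entries worth a closer look."""
    entries = parse_entries(log_text)
    bho_paths = {e["path"] for e in entries if e["code"] == "O2" and e["path"]}
    notify_paths = {e["path"] for e in entries if e["code"] == "O20" and e["path"]}
    shared = bho_paths & notify_paths
    findings = []
    for entry in entries:
        if entry["path"] in shared:
            findings.append(("dll_is_bho_and_winlogon_notify", entry["line"]))
        elif entry["missing"]:
            findings.append(("no_file_or_file_missing", entry["line"]))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

The flags are triage hints for a human reviewer, not verdicts; the logs pasted on this page have lost their punctuation and would need the original text before they could be parsed this way.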

Got this pop up every couple of seconds and I don't remember doing anything to "infect" my comp. I have run adaware regularly and spybot and ran a hijack this report which follows. I am running vista if that helps. I have seen where y'all have helped others get rid of this mess. Please help me too. Thanks, don

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C Windows system taskeng exeC Windows system Dwm exeC Windows Explorer EXEC Program Files Windows Defender MSASCui exeC Program Files Synaptics SynTP SynTPEnh exeC Program Files Motorola SMSERIAL sm hlpr exeC Program Files BigFix bigfix exeC Program Files Grisoft AVG avgcc exeC Program Files Hp HP Software Update hpwuSchd exeC Program Files VMware VMware Player hqtray exeC Program Files iTunes iTunesHelper exeC Windows ehome ehtray exeC Program Files palmOne Hotsync exeC Program Files Hp Digital Imaging bin hpqtra exeC PROGRA Webshots Webshots scrC Windows ehome ehmsas exeC Program Files HP Digital Imaging bin hpqSTE exeC Program Files Internet Explorer ieuser exeC Program Files Internet Explorer iexplore exeC Windows system taskeng exeC Program Files Trend Micro HijackThis HijackThis exeC Program Files Spybot - Search amp Destroy TeaTimer exeC Program Files Internet Explorer iexplore exeC Users don smith AppData Local Microsoft Windows Temporary Internet Files Content IE ZY HF R stinger exeR - HKCU Software Microsoft Internet Explorer Main Start Page http www gateway com g startpage html Ch TB amp M MT R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www gateway com g startpage html Ch TB amp M MT R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet 
Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http www gateway com g startpage html Ch TB amp M MT R - HKCU Software Microsoft Internet Explorer SearchURL Default http www searchgateway net search sR - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhostO - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dllO - BHO Spybot-S amp D IE Protection - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO Web Search - A -BDF - - - ACA C D - C Windows websrc dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dllO - BHO Browser Address Error Redirector - CA C - B - E-A -A C DB F - c google BAE dllO - BHO PosHelp - CDEEC D- - E -A A -F D F C - C PROGRA ADVANC ADVANC DLLO - Toolbar no name - BF - F - - - FE E AA - no file O - Toolbar Advanced Searchbar - F - D - - AD - C D ADC - C Program Files AdvancedSearchbar advancedsearchbar dllO - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe -hideO - HKLM Run SynTPEnh C Program Files Synaptics SynTP SynTPEnh exeO - HKLM Run SMSERIAL C Program Files Motorola SMSERIAL sm hlpr exeO - HKLM Run BigFix c program files Bigfix bigfix exe atstartupO - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUPO - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exeO - HKLM Run Adobe Reader Speed Launcher quot C Program Files Adobe Reader Reader Reader sl exe quot O - HKLM Run VMware hqtray quot C Program Files VMware VMware Player hqtray exe quot O - HKLM Run QuickTime Task quot C Program Files QuickTime QTTask exe quot -atboottimeO - HKLM Run iTunesHelper quot C Program Files iTunes 
iTunesHelper...

A: Infected With Malware Popup Trojan.win32.starfield

Hello poppitangtang, I am SifuMike and I will be helping you.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*****************************

Reconfigure Windows Vista to show hidden files:
To enable the viewing of Hidden files follow these steps:
Close all programs so that you are at your desktop.
Access Control Panel.
Click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.

*****************************

I see you are running Teatimer and Windows Defender. Please disable them because they can interfere with the changes you'll make on your system.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup
When everything is done and your log is clean again, you can enable it again.
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

1. With all other applications and Windows closed, open HijackThis, System Scan only. Checkmark these items:

O2 - BHO: Web Search - {6A719349-BDF5-4268-9019-4ACA0C2562D2} - C:\Windows\websrc32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Click "Fix checked" and when the log panel clears exit HijackThis.

2. Download FixIEDef.exe by ShadowPuterDude to the Desktop.

Mirrors: Alternate official download locations for FixIEDef.exe
http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
http://hosts-file.net/download/fixiedef/fixiedef.exe
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef

Disable Spybot Teatimer, Windows Defender and AVG antivirus before running FixIEDef.
Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop.
Double-click of the FixIEDef folder.

NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal proc...

http://www.bleepingcomputer.com/forums/t/121435/infected-with-malware-popup-trojanwin32starfield/
Relevancy 85.14%

The pop up I keep getting after solving almost all the other problems is a VirusScan On Access Scan Message that says VirusScan Alert and gives a date and time PM, a pathname C quarantine katrinka jar- c fd - d c b zip Vir KATRINKA JAR- C FD detected as Exploit-ByteVerify, and a state Moved clean failed. I never used to get this pop up until the events of today, which are more or less detailed below. I think this is the last remnant of a Zlob trojan infection and I can't get rid of it. Could this be a real alert or is this still the trojan?

The following balloons pop up in my bottom right tray with flashing yellow caution triangle. They were removed only with the Housecall and BitDefender.
System Alert: Malware Threats. Your computer is infected with a back door Trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software.
System Alert: trojan-spy Win mx. A similar message.

Get often Internet Explorer popups. Some are pornography, others say my computer is infected and list software I should download.

Another popup is an internet explorer window with a blue screen; the window heading reads http://www.errorsafe.com - Error Detected - Microsoft Internet Explorer. Again removed only with Housecall and Bit Defender.

Computer just works slower as well.

VirusBuster was downloaded onto my computer, subsequently removed by myself from Add Remove Programs. The download came as a result from visiting a questionable website for a video. The video said I didn't have the proper codec to view it and had a link to click to download it. The rest is history.

Internet Explorer Security Plugin in the Add Remove Programs window of the Control Panel. Couldn't remove it manually. Would get a message saying before removal computer would need rebooting. Had funny nonsense symbols in window header of this rebooting message. This was subsequently removed by one of the scans performed. I think this is a signature for the Trojan Zlob family.

Also got the following pop up window, removed only with Bit Defender and Housecall:
Critical System Warning. Your system is probably infected with latest version of Spyware CyberLog-X.
Type: Spyware
Infection Length: bytes
Risk: High
Systems Affected: Windows NT Server Windows XP
Behavior: Spyware CyberLog-X is a spyware program that monitors user activity, logs keystrokes and tracks Web sites visited.
Symptoms: Low internet connection speed, Low system performance, Security center alerts, Strange pop up windows
Protection: Click OK to download antispyware software

Scans performed: rougescanfix setup exe, smitRem, Panda Anti Virus Pro, Ad-Aware, SpyBot, McAfee Avert Stinger v, Housecall Antivirus, Bit Defender. These last two positively identified the virus as a from Zlob family but and I deleted the two exe files that the programs could not, yet the pop up persisted and the Bit Defender scan informed me that my computer is still infected.

Was running a Windows firewall, have since changed to ZoneLabs Zone Alarm Pro. Windows IE v is up to date. Running McAfee Anti-Virus Enterprise.

HJT log:

A:Infected With Zlob Trojan?/virusscan Alert Popup

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Some of this may seem repetitive to you, but bear with me and we'll get you fixed up.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

=======================

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan yet!

========================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.

http://www.bleepingcomputer.com/forums/t/72496/infected-with-zlob-trojanvirusscan-alert-popup/
Relevancy 83.85%

Hi, I am running Windows XP on a Dell Latitude D. I also normally run and update fairly regularly Adaware, Spybot S&D, Windows Antispyware Beta and Norton Anti Virus. Sorry for the essay that follows but I wanted to be thorough.

I hit a webpage that threw me this lovely winfixer bug with all the popups telling me I need winfixer etc. Norton seemed to catch one of the attempts but not the other. After surfing the web I have tried and failed with the following: AdAware, Spybot, Windows AntiSpyware and Norton Symantec - all scan without spotting the problem. I tried installing SpyCatcher Express, which spotted that byxur.dll kept trying to launch. SpyCatcher successfully stopped it and seemed to stop the winfixer popups by doing so, but then when I rebooted my system nothing would load. Removed SpyCatcher Express in safe mode and finally my comp would load again, and winfixer problems are still there. Also Norton just caught trojan download trying to get on my computer. Also, for the record, I have not clicked to download any of the files winfixer has been trying to get me to accept.

I have tried Vundofix, which removed files the first time but now says it detects no problem files. VirtumundoBeGone also doesn't spot anything. After watching my automatic updates have some trouble I also updated my microsoft update files. I followed the prep stuff you listed in this forum. McAfee Stinger spotted nothing.

I threw a HJT log into some diagnostic page which highlighted that the byxur.dll and possibly cbawu.dll files are the problem - however, as I've had enough freak outs over the past hours, I would love it if someone could please check my HJT log and give me some advice before I break anything.

Many thanks, MKM o o

HJT log:

A:Winfixer Popup Problem

Hi misskittysmeow and Welcome to the Bleeping Computer!

Please read through all these instructions before proceeding, be sure you have all the necessary downloads before going to safe mode.

Please download the zip attached to this post to your desktop and unzip it, inside you will find Vun.reg which we will need in safe mode.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\byxur.dll
Press Enter to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\cbawu.dll
Press Enter to continue with the fix.
The fix will run then HijackThis will open, if it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\byxur.dll

O20 - Winlogon Notify: byxur - C:\WINDOWS\System32\byxur.dll

O20 - Winlogon Notify: cbawu - C:\WINDOWS\System32\cbawu.dll

After you have fixed these items, close Hijackthis.
Press enter to exit the program then manually reboot your computer.
Once your machine reboots please continue with the instructions below.

Open the unzipped attachment -> Locate and Double Click Vun.reg, when asked to merge into the registry, please click "Yes" and allow the reg file to merge.

Now locate and run ATF just as described earlier in this post.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Restart Normal.

Copy the text below to a blank notepad page -> Save it to the desktop as Find.bat

dir \rock.exe /a h /s > File.txt

Double Click Find.bat and wait for the Command Prompt window to close.
Now, locate File.txt on your desktop -> Copy & Paste those results in the next reply along with a fresh HijackThis log.

http://www.bleepingcomputer.com/forums/t/49789/winfixer-popup-problem/
Relevancy 83.85%

I have carried out scans as suggested but still have this problem with the above pop-up appearing after I close an IE grey message box saying I have either the Blackworm or Beagle virus. This has also led to other pop-ups appearing, eg adultfriendfinder.com.

How do I get rid of these things and how do I stop them happening again? I use Zone Alarm Firewall, Norton Anti-Virus and also Adware and Spybot.

Here is my log:

A:Amaena.com/winfixer Popup

Hi camlet,
Welcome to BleepingComputer!
My name is Nick and I will be reviewing your logs.

You may want to uninstall logitech desktop messenger if you're not using it, since I've seen it create errors.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Open HijackThis and Scan. Place a check next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [NastySex] C:\WINDOWS\NastySex.exe -n

Close any open browsers (other than HijackThis) and click "Fix Checked".

Delete the following file:
C:\WINDOWS\NastySex.exe

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report along with the contents of C:\vundofix.txt and a fresh HijackThis log.

Thanks,
Nick
BleepingComputer

http://www.bleepingcomputer.com/forums/t/48982/amaenacomwinfixer-popup/
Relevancy 83.85%

Hi- I'm getting a pop up ad for winfixer that I can't get rid of. I've followed all the directions on the intro page so here's my log:

A:Winfixer Popup Infection

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/42474/winfixer-popup-infection/
Relevancy 83.85%

Hi,
My computer has recently been having Winfixer popups when I switch on/open IE.

Do you have any ideas to solve this please?

The system is Windows XP.

Many thanks Gi
 

Relevancy 83.85%

This is my logfile. I googled a solution to this problem and people pointed me in this direction.

A:Winfixer Popup Annoyance

Hi Schala and Welcome to the Bleeping Computer!

Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\jkkji.dll
Press Enter to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\ijkkj.*
This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
Press Enter to continue with the fix.
The fix will run then HijackThis will open, if it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\jkkji.dll

O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dllAfter you have fixed these items, close Hijackthis.Press enter to exit the program then manually reboot your computer.Once your machine reboots please continue with the instructions below.Download and install CleanUp!Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click "Options..."Move the arrow down to "Custom CleanUp!"Put a check next to the following (Make sure nothing else is checked!):Empty Recycle BinsDelete CookiesDelete Prefetch filesCleanup! All UsersClick OKPress the CleanUp! button to start the program.It may ask you to reboot at the end, click NO.Then, please run this online virus scan: ActiveScanCopy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

http://www.bleepingcomputer.com/forums/t/33645/winfixer-popup-annoyance/

Like many, I've been annoyed with those winfixer popups for weeks. I ran ad-aware SE until there were no more infected files detected. I then ran spy-bot search and destroy and removed all infected files, followed by AVG. The Bit defender online scan got rid of the remaining infected files. McAfee Stinger came up clean. How do I know if Winfixer is completely removed or not, as it is incredibly annoying? Here is my HiJackthis logfile. Thanks.

A:Winfixer Adware Popup

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Then reboot your computer - IMPORTANT

Then post a new HJT log

David

http://www.bleepingcomputer.com/forums/t/35034/winfixer-adware-popup/

Wife's laptop crapped up with something. I found the thread about the Vundo fix, dl'ed and ran that routine. Hijack log below.


Definitely have the WinFixer popup, but popups for other sites also occur. Don't know if all due to WinFixer or not. Below is HijackThis log file for this computer (also have problem on another computer). Thanks for your help.

A:Winfixer Ad Popup And Possibly Others

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Then reboot your computer - IMPORTANT

Then post a new HJT log

David

http://www.bleepingcomputer.com/forums/t/35854/winfixer-ad-popup-and-possibly-others/

I have XP. Any time my browser is open I get a constant pop up of winfixer with the following URL - http winfixer com pages scanner aid mgwfron amp lid RON amp p amp get ax

Attached is a hijack this log. Any idea how to get rid of this annoying pop up? I have run ad aware and it does not stop it. Here is the hijack this log:

A:Solved: Can't get rid of Winfixer popup

Fix this entry

O4 - Startup: WinFix Reminder.lnk = C:\WINFIX5\WINFXCRM.EXE

boot and delete this folder - C:\WINFIX5
 

https://forums.techguy.org/threads/solved-cant-get-rid-of-winfixer-popup.387337/

I have cleaned temporary files, run adaware, AVG and spybot, and have a problem with Winfixer, and AVG showed virus files. I did this hijack a couple of years ago and deleted the problem files. Can you guide me as to which files to delete? Thanks.

A:Winfixer Popup / Other Viruses

Hi bayou,

If you are still having problems, please post a fresh HijackThis log.

http://www.bleepingcomputer.com/forums/t/40587/winfixer-popup-other-viruses/

I'm having problems with pop ups and Winfixer downloading on my computer. I've tried using microsoft antispyware and adaware but still have a problem. I ran HijackThis; here's the report. Please help.


Hi. This is my first post on the techsupportforum, so I go. Recently I've been getting a popup message when I'm using IE or I'm on my local hard drive. The message says "Your computer was been infected by unknown trojan It's dangerous for your system critical file can be lost Click Ok to download the antispyware program to clean your System" and then I click cancel.

Here is the log. Extra is attached.

http://www.techsupportforum.com/forums/f284/solved-system-error-popup-infected-by-unknown-trojan-232150.html

I have run HijackThis and am going to run CobraFix as recommended on several similar posts. For ease in reading, the HijackThis post is here and I'll post again with the cobrafix output. Thank you in advance. This is so annoying.

A: Trojan Virus; Popup with 'Your computer was infected ...'; Diagnostics included

Combofix ran as expected except that the desktop did not return. I had to reboot to get it to come back. I am still getting the same 'infected' popups.

ComboFix 08-03-14.4 - Mark T 2008-03-16 18:35:16.1 - NTFSx86
Running from: C:\Documents and Settings\Mark T\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\151.exe
C:\Program Files\winupdates

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 10:15 . 2008-03-16 10:15 28,672 --a------ C:\log_hijackthis_0315.doc
2008-03-15 17:38 . 2008-03-15 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-15 10:21 . 2008-03-16 18:27 8,769 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-15 10:20 . 2008-03-15 10:20 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-15 10:20 . 2008-03-15 13:07 <DIR> d-------- C:\Documents and Settings\Mark T\Application Data\SiteAdvisor
2008-03-15 10:20 . 2008-03-15 10:20 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SiteAdvisor
2008-03-15 10:20 . 2008-03-15 10:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-03-15 10:17 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-15 10:17 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-15 10:17 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-15 10:17 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-15 10:17 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-15 10:17 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-15 10:15 . 2008-03-15 10:16 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-15 10:15 . 2008-03-15 10:17 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-15 10:14 . 2008-03-15 10:20 <DIR> d-------- C:\Program Files\McAfee
2008-03-15 10:03 . 2008-03-15 10:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-03-15 09:25 . 2008-03-15 09:25 219,136 --a------ C:\WINDOWS\wmpdxm.dll
2008-03-15 09:25 . 2008-03-15 09:25 48 --a------ C:\amp.bat
2008-03-07 17:25 . 2008-03-07 17:25 <DIR> d-------- C:\Documents and Settings\Mark T\Application Data\eFax Messenger
2008-03-07 17:25 . 2008-03-07 17:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.3 Output
2008-03-07 17:25 . 2008-03-07 17:25 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-03-07 17:24 . 2008-03-07 17:25 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2008-03-07 17:24 . 2008-03-07 17:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.3 Setup
2008-02-26 14:40 . 2008-02-26 14:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-02-25 15:32 . 2008-02-25 16:34 34,755,672 --a------ C:\Program Files\avg75free_516a1262.exe
2008-02-24 14:18 . 2008-03-15 13:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 14:18 . 2008-02-24 14:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 14:10 . 2008-02-24 14:10 <DIR> d-------- C:\Program Files\Bonjour
2008-02-24 14:07 . 2008-02-24 14:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-24 14:07 . 2008-02-24 14:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-24 14:07 . 2008-02-18 12:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 19:56 --------- d-----...

https://forums.techguy.org/threads/trojan-virus-popup-with-your-computer-was-infected-diagnostics-included.693872/
Relevancy 83.85%

Hi, how are you? Everytime I open anything from folder to my computer I get this error: "Your computer was infected by unknown trojan. It's dangerous for your system, critical files can be lost. Click OK to download the antispyware program to clean your system. Recommended." I ran ad-aware and mcafee. Still nothing. I ran hijack and this is what I get. Any help would be really appreciated. Thank you so much.

Relevancy 83.85%

Hi, I keep getting this pop-up window message whenever I click on any link in my Internet Explorer: "System Error: Your computer was infected by an unknown trojan. It's dangerous for your system. Critical files can be lost. Click OK to download the antispyware problem to clean your system. Recommended." It has also hijacked the yahoo and google search results so I have to now copy and paste them to the browser. Please let me know what should I do to clean this. Please help. Please let me know if you want me to post it in some other forum. Thanks. I am attaching HijackThis log.

A: Ie Popup System Error: Your Computer Was Infected By Unknown Trojan..

Is this the problem line?? I have no clue, but just browsing through the web I gathered this. I may be wrong... thanks!

O2 - BHO: Sysem Player - {2AE4C401-AAC4-4F41-9665-1EC88C3BDD7D} - C:\WINDOWS\sysvol32.dll

http://www.bleepingcomputer.com/forums/t/129905/ie-popup-system-error-your-computer-was-infected-by-unknown-trojan/
Relevancy 83.85%

I keep getting WinFixer and Sexbuddies pop ups. Also there's a couple of others: some gambling site of which I never grabbed the name of, and one for a Registry Cleaner. I've run CWShredder, Spybot, Microsoft Antispyware, AVG and Ad-Aware and nothing's being found. Here is my HijackThis log.

A: Sexbuddies/Winfixer pop up problem!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt when you have completed the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs: AdwareAlert
Please note any other programs that you don't recognize in that list in your next response.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
C:\Program Files\AdwareAlert\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! does not create any backups!!


* * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please in...

http://www.techsupportforum.com/forums/f284/sexbuddies-winfixer-pop-up-problem-86035.html
Relevancy 83.85%

Random popups from adultfriendfinder.com, sexbuddies.com, winfixer.com etc. are appearing on my desktop even without using IE. Everything else seems very cleaned and virus/spyware free. I need help.

A: Sexbuddies/winfixer Popups

Hi clandestinetrousers, Welcome to BC.

Please download vundofix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log

http://www.bleepingcomputer.com/forums/t/45705/sexbuddieswinfixer-popups/
Relevancy 82.99%


A:Winfixer Ad Popup/virtumonde Infection

Hello izahesa and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.
Let's try a different scanner and see what it shows us.
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:
Approved Shell Extensions
Desktop Components
Disabled MS Config Items
Policy Settings
Security Settings
Additional Folder Scans
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
Cheers.
OT

http://www.bleepingcomputer.com/forums/t/84559/winfixer-ad-popupvirtumonde-infection/
Relevancy 82.99%

Well, I started receiving popups and messages from Systematic Antivirus stating that I had Trojan.vundo. The antivirus tried over and over and over to remove the problem; however, it never could. I have tried many spyware (Spybot, Ad-Aware, etc.) and antivirus programs and nothing will work. Finally the antivirus is not popping up with Trojan.vundo messages, but now whenever I start up I receive an "Error loading C Documents and Settings tlbrown Local Settings Temp pmkjg dll The specified module could not be found" and I still receive popups when I have an internet browser open. Could someone please help me out? I would really appreciate it. Below is the log file of HijackThis.

A:Winfixer Ad Popup / Virtumonde Infection

Hello,
* Download Combofix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

http://www.bleepingcomputer.com/forums/t/100374/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%

Greetings,
This is my first post and I'm not computer savvy, but I'll try to be as detailed as possible. I have Windows XP. I have been invaded by something. Symptoms: "winfixer.com-error detected." followed by a frozen, or blank screen. Every time I check my security settings status, it says firewall on, but when I check the actual setting, it is off. If I go to a website and follow a link to another website, when I try to go back to the previous site, I am getting a blank screen, or being kicked off the web. Finally, the computer is taking much time to load my settings.
Any help greatly appreciated.
Myles
 

Relevancy 82.99%

Help, please! I'm using Firefox, but somehow IE got infected, as I am getting popups through IE even when I'm surfing with Firefox. I've run Ad-Aware, Spybot, Norton, BitDefender and McAfee Stinger. I have restarted my system but still get popups, even some while typing this post. Also, while I'm surfing, my system will restart and then say no boot disk available and I need to insert a boot disk. I don't know if they are related or not, but this is driving me crazy. Any help would be greatly appreciated. Here is my HJT log.

A:Winfixer Popup Ad-misc Popups

Hi,
You have probably been helped elsewhere, but if you still need help can you post a new log from HijackThis. The notification system will tell me that you posted.
In case you are not using the latest version of HijackThis (1.99.1), please download the latest version from one of these addresses:
http://www.bleepingcomputer.com/files/hijackthis.php
http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip

http://www.bleepingcomputer.com/forums/t/40421/winfixer-popup-ad-misc-popups/
Relevancy 82.99%

Logfile of HijackThis (Platform: Windows XP, MSIE: Internet Explorer)

A:Winfixer Ad Popup / Virtumonde Infection

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/60304/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%

I believe I have an issue with a Virtumonde infection. Spybot is finding the infection but cannot remove it. I have also tried a couple Virtumonde removal tools. I was reading that it could possibly be a variant, so I decided to post a log here and see if I could get some advice. I'm getting random popups, and Windows automatic updates is disabled for some reason and won't re-enable. Thanks.

A:Winfixer Ad Popup / Virtumonde Infection

Hello superbeast_87 and welcome to BC. Let's see what we can find. Please follow the steps below in order:
Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).
Cheers.
OT

http://www.bleepingcomputer.com/forums/t/152230/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%

Ok, so I downloaded what I thought to be software for my PSP, and it turns out it wasn't and that it was just full of a bunch of garbage. As soon as I ran the setup for it my computer started acting up and a bunch of weird stuff started coming up. Now when I start my computer, after a few minutes my background is covered by like some picture advertising some anti-virus software, but I just scroll to the top and close it. I ran a virus scan and clean with NOD and I got rid of everything but Virtumonde, and NOD keeps on coming up with a warning like this. I ran the VundoFix given from this website and it didn't work, so I proceeded in trying the VirtumundoBeGone in safe mode with networking and that didn't work either, so now I'm trying this. Here's the DSS and HijackThis log.

A:Winfixer Ad Popup/ Virtumonde Infection

Please download SmitfraudFix (by S!Ri).
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Post back with the smitfraudfix log & a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/140765/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%

I think I have either the Winfixer or the Virtumonde virus. My symptoms are as follows: whenever I launch Internet Explorer, I can surf the net for a few minutes, but then I get a bunch of popups, particularly those advertising "sex partners" and WinAntiVirus Pro, and eventually I get an error message and Internet Explorer closes and reopens. Also, I am unable to connect to certain sites, such as those that provide updates to Adaware SE and Norton Antivirus. My HijackThis log is below. Any help would be greatly appreciated. Thank you.

A:Winfixer Ad Popup / Virtumonde Infection

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
===================
1. Download this file: http://download.bleepingcomputer.com/sUBs/...aB/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
====================
Download Superantispyware
http://www.superantispyware.com/superantis...efreevspro.html
Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others unchecked.
  o Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
• To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
• Click close and close again to exit the program.
• Please paste that information here for me with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/77299/winfixer-ad-popup-virtumonde-infection/

Dear, My Internet Explorer will always popup to certain site when I switch on my PC, like www renyu net, www tip net, www kuaiche net, and my Internet Explorer home page will always change when I switch on my PC. Is there any way to remove it without reformatting the PC? Please advise. Thanks.

A:Winfixer Ad Popup / Virtumonde Infection

Hello HelpFong, I am SifuMike and I will be helping you.

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan).
When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.
When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

******************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido). This is a 30 day trial of the program.
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Scan with AVG Anti-Spyware 7.5 as follows:
1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab. Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware. Under "How to Scan?" check all (default). Under "Possibly unwanted software" check all (default). Under "What to Scan?" make sure "Scan every file" is selected (default). Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. IMPORTANT: Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actio... Read more

http://www.bleepingcomputer.com/forums/t/79567/winfixer-ad-popup-virtumonde-infection/

Hi, I've been infected with some nasty virus. It creates Winfixer popups and many more, and is causing my computer to run quite slowly. I have run checks with Norton and Windows Defender with no luck, and I have Ad-Aware SE installed with the latest updates, which, no matter how many times I run it, always comes up with more adware/spyware. I have VundoFix installed and it seemed to get rid of most of the files, bar a couple located in C Windows System (file name: sstqq.dll, qqtss.ini, qqtss.bak). It can't seem to get rid of these, so I also ran Virtumundo Be Gone in safe mode and that also hasn't appeared to work. This is the log it presents me with:

- VirtumundoBeGone v "C Documents and Settings James Desktop VirtumundoBeGone exe"
- Detected System Information
- Windows Version Service Pack
- Current Username James Admin
- Windows is in SAFE mode with Networking
- Searching for Browser Helper Objects
- BHO E F-C D - D -B D- B D BE B AcroIEHlprObj Class
- BHO CA D E- - CF- E - DriveLetterAccess
- BHO BB-D F - C-B EB-D DAF D D SSVHelper Class
- BHO ECB - F - bbc- D- DDF E CNisExtBho Class
- BHO AA ED - DD- d - -CF F Google Toolbar Helper
- BHO BDF E -B - AD-A -FADC B CNavExtBho Class
- BHO E A- D F- B -B DF-AE AEF A B DPCUpdater Object
- Finished Searching Browser Helper Objects
- Finishing up
- Nothing found Exiting

I have since installed McAfee Stinger and it didn't find anything that I didn't know about, so I'm at a loose end really. Also, if anything is unclear or you need more info, please ask. Thanks in advance. Here is my Hijackthis log.

A:Winfixer Ad Popup / Virtumonde Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I don't want to seem repetitive, but Vundofix is updated very frequently and I'm not sure what version you have. If you can pacify me for the moment and delete the version that you have downloaded now and then proceed with these steps, we'll get you fixed up.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

http://www.bleepingcomputer.com/forums/t/62480/winfixer-ad-popup-virtumonde-infection/

Hey, I have been getting these annoying Winfixer popups on my computer. It was originally detected as the vundo trojan, so I removed it with the Vundofix program. This did not solve my problem, so I tried again with both the vundofix and virtumonde fix programs. After still receiving the popups, I ran a panda activescan and it did not detect anything. To me it looks like the problem may be caused by this fccbb.dll file. I have tried eliminating this file using Cleanup and Killbox as per a post in this thread http forums techguy org security -solved-winfixer-vundo-infection html to no avail. I would greatly appreciate any help you guys could provide. TIA. Here's my HJT file.


Hello. Well, I don't know where to really start. I'm on a Dell, run Windows XP and use IE. I think I cut and pasted an address from a spam email out of curiosity and think this caused my problem with Winfixer popup and computer freezing. It is now worse after I bought and installed Norton Internet Security. I had McAfee prior to this, and since most of it was no longer active I uninstalled it with Norton. I did two full scans with Norton, found one problem and deleted it. I also did a Spybot scan and Ad-Aware scan. One of them, not sure which, found over files to quarantine. I did so. But Norton asked me to delete everything before it would install, so I allowed that. Cannot tell you much more.

So sometimes when IE is open I get a Winfixer popup, not sure at first what it was all about, and it clicked OK. It didn't seem to do anything. I have since been clicking cancel or on the x in the upper right corner. It usually takes over whatever IE site is open and crashes everything or freezes everything. I can usually hit the x close in the upper right on the original IE window after multiples are open and can start over. Lately, after Norton is installed, I am getting freezes and have to use a hard shut down and restart. The system is slow now.

I did see some advice elsewhere on this site that advised to go to start, run and controlmgr, I think, to see what was possible to close. I emptied recycle, temp internet files and something else (forget, sorry). Still have the problem. I have printed out bleepingcomputer com forums topic html but am afraid to continue since it is not my post and I'm not sure what to do next. Help please.

Triumph

A:Winfixer Popup And Computer Freeze Ups

If you think you are infected submit a hijackthis log to the HJT Forum.
How to submit a hijackthis log
Download Hijackthis

Try running the following from safe mode (Getting to safe-mode):
Sysclean, you'll also need the virus template file from here lpt***.zip, remember to extract the contents of the zip file into the same folder as Sysclean.com
or
DrWeb CureIT
or
KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If you're good with the command line also try Sophos Command Line scanner. This command will scan all of your hdd's
SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt
and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido.
I'd also run Spybot (Spybot Tutorial) and Adaware.
If you're using Win2K/XP run adaware/spybot from "safe mode with command prompt". If you're using Win9x just run it from safe mode, the command line options aren't needed.

At the C:\ prompt type the following:
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

http://www.bleepingcomputer.com/forums/t/36150/winfixer-popup-and-computer-freeze-ups/

A:Winfixer Ad Popup / Virtuemonde Infection

Hi and welcome to BleepingComputer. I'm Jet Ian, and I will be handling your log to help you get it cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

We also recommend that you Subscribe to this thread so that when I or the other experts reply, you will get an email notification. To do this: Click on then and make sure you set it to Immediate Email Notification.

http://www.bleepingcomputer.com/forums/t/52177/winfixer-ad-popup-virtuemonde-infection/

I have run all the suggested virus scans, spyware scans, cleanups etc. However, the popup ads return and there is a random request for Winfixer. It is not in the software list anywhere. Here is the HJT log.

A:Winfixer? Popup Adds Galore

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

http://www.bleepingcomputer.com/forums/t/39072/winfixer-popup-adds-galore/

Hey guys, my friend recommended that I go to this site for help removing a stupid virus on my computer. Recently I've been getting random popups, not frequently, maybe or times a day, and one is a winfixer popup that asks me if I want to download winfixer, and even if I say no it directs me to their site. I ran a hijackthis and here is the log. Please help.

A:Ahh help me remove winfixer popup virus

Please print out or save this page to your desktop in order to assist you when carrying out the following instructions.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy


Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.
It should look like this:

Quote:

VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net

At this point press enter one time.
Next you will see:

Quote:

Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\ddcyx.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:

Quote:

Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\xycdd.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death". This is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the...

http://www.techsupportforum.com/forums/f100/ahh-help-me-remove-winfixer-popup-virus-70493.html
Relevancy 82.99%


A:Winfixer Ad Popup / Virtumonde Infection

Hi

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteam

http://www.bleepingcomputer.com/forums/t/171765/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%


A:Winfixer Ad Popup / Virtumonde Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Idle_Snail. My name is Richie and I'll be helping you to fix your problems.

Before we can provide you with any further assistance, you first need to go here and install Service Pack 1a:
http://www.microsoft.com/windowsxp/downloa...p1/default.mspx

This will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system. As your machine stands right now it's extremely vulnerable to infection. You need to get these updates installed first before we can proceed or we'll both be wasting our time.

Note: Do not install Service Pack 2. If you install SP 2 on an infected machine it will cause serious problems within the operating system.

http://www.bleepingcomputer.com/forums/t/102769/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%


A:Winfixer Ad Popup/virtumode Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/70085/winfixer-ad-popupvirtumode-infection/
Relevancy 82.99%

Hello all, I have a stubborn Winfixer popup that I can't find. I've checked with Norton Antivirus, Xoftspy, eTrust, Pandasoft, Microsoft Antispyware, Ad-Aware and Spybot. The only programs that found anything were Pandasoft Activescan, which found Virtumonde, and Adaware, which found a few tracking cookies. The popups are usually of Winfixer, but I've also seen some from partypoker.com and WinAntiVirus. Here is my HijackThis log. I hope you can help me. Thanks in advance.

A:Stubborn Winfixer popup and virtumonde

Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download this tool and save it to your desktop. Then double click the tool and follow the instructions.

VirtumundoBeGone.exe

When it's done, reboot and post the log that is created on your desktop called VBG.TXT in your next reply


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis & place a check next to these items and select "Fix checked", if present:

O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Then, perform an online scan with Internet Explorer with Panda ActiveScan
Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click on see report. Then click Save report

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and into this topic.

http://www.techsupportforum.com/forums/f284/stubborn-winfixer-popup-and-virtumonde-82782.html
Relevancy 82.99%
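Both fix lists in the helper replies above pair an O2 (BHO) entry with an O20 (Winlogon Notify) entry that points at the same system32 DLL (ddcyx.dll and awvtu.dll). The following is an added example, not part of either forum thread or of HijackThis: a small parser that surfaces that pairing in a saved log. The function names are hypothetical and the sample log is constructed from the entries quoted in those replies plus placeholder lines.

```python
import ntpath
import re
from collections import defaultdict

# Line formats as they appear in the fix lists above:
#   O2 - BHO: <name> - {CLSID} - <path>
#   O20 - Winlogon Notify: <name> - <path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
MISSING_SUFFIX = " (file missing)"


def _clean_path(raw):
    """Strip HijackThis's '(file missing)' marker and normalise case/slashes."""
    raw = raw.strip()
    missing = raw.endswith(MISSING_SUFFIX)
    if missing:
        raw = raw[: -len(MISSING_SUFFIX)]
    return ntpath.normcase(raw), missing


def parse_entries(log_text):
    """Return the O2 and O20 entries of a HijackThis log as dictionaries."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in (("O2", O2_RE), ("O20", O20_RE)):
            match = pattern.match(line)
            if not match:
                continue
            path, missing = _clean_path(match.group("path"))
            entries.append({
                "section": section,
                "name": match.group("name"),
                "clsid": match.groupdict().get("clsid"),  # None for O20
                "path": path,
                "missing": missing,
            })
    return entries


def shared_bho_notify_dlls(log_text):
    """List DLLs registered both as a BHO (O2) and as a Winlogon Notify (O20).

    A match is a lead for a helper to review, not a verdict on the file.
    """
    by_path = defaultdict(lambda: {"O2": [], "O20": []})
    for entry in parse_entries(log_text):
        by_path[entry["path"]][entry["section"]].append(entry)

    findings = []
    for path, sections in sorted(by_path.items()):
        if sections["O2"] and sections["O20"]:
            both = sections["O2"] + sections["O20"]
            findings.append({
                "dll": ntpath.basename(path),
                "path": path,
                "clsids": [e["clsid"] for e in sections["O2"]],
                "notify_names": [e["name"] for e in sections["O20"]],
                "missing": any(e["missing"] for e in both),
            })
    return findings


# Constructed sample: the ddcyx/awvtu lines are the ones quoted in the replies
# above (combined into one log for illustration); the helper.dll, tray.exe and
# "(file missing)" details are placeholders made up for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddcyx.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\awvtu.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
"""

if __name__ == "__main__":
    for finding in shared_bho_notify_dlls(SAMPLE_LOG):
        print(finding["dll"], finding["clsids"], finding["notify_names"],
              "file missing" if finding["missing"] else "")
```

The path comparison is case-insensitive, so `System32` and `system32` spellings of the same file are treated as one DLL.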

My Avast anti-virus seemed to detect the problem, but not before some changes had been made to my computer. Firstly, Windows Automatic Update has been disabled and I can't enable it either via the Control Panel or via services.msc. It just defaults to disabled. It also removed all the System Restore points prior to the infection. Now getting all sorts of annoying pop-ups and attacks from virus trojan. Can anyone help? I'm running XP Professional and am moderately computer literate. I have tried Vundofix, which detected a couple of infections, but problems remain.

A:Winfixer Ad Popup / Virtumonde Infection I Think!

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites so it doesn't get lost. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. You can find the topics that you are tracking here.

Please take note of the following guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

With Regards,
The Panda

http://www.bleepingcomputer.com/forums/t/156134/winfixer-ad-popup-virtumonde-infection-i-think/
Relevancy 82.99%


A:Winfixer Ad Popup / Virtumonde Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Evangeline. My name is Richie and I'll be helping you to fix your problems.

You are using Download Accelerator Plus - DAP. Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman

I strongly suggest you remove this program. If you agree, go to Start > Control Panel > Add/Remove Programs and remove 'Download Accelerator Plus' if present, then reboot.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.

* Close any open browsers.
* Double click on combofix.exe and follow the prompts.
* When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/106599/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%

Hello - I'm looking for some help with my computer. I have two "major" issues that I know of:
- When I try to run Ad-Aware SE, my computer reboots. Prior to doing so, it looks like I have two "Critical Items".
- I have the Winfixer Pop-Up.

Here is my HijackThis log. I'd appreciate any help anyone can give. Thank you.

Relevancy 82.99%

Help, my computer has been infected by some sort of virus. When my computer turns on, a default background comes on that the virus put on; it says "Warning spyware threat has been detected on your PC". If I let the computer sit for too long, roaches will come onto the screen and start eating the icons. I have tried vundofix and vundomundo be gone and both were seemingly unsuccessful. Anytime I try to go on the internet with the infected computer, it pops up with several random web sites. Most web sites are spyware removal sites that seem bogus. I had to use a "jumpdrive" to get the programs downloaded from this site to the infected computer. I'm at my end here, I cannot figure it out. Currently I'm on another computer; however, I did manage to get the hijackthis file. Here it is. Please help me and thank you for your assistance.

A:Winfixer Ad Popup/ Virtumonde Infection

Hello Navoxeno and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/148018/winfixer-ad-popup-virtumonde-infection/
Relevancy 82.99%


A:Winfixer ad popup / Virtumonde detection

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe to your desktop
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. <<mirror>>
If you see "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
Open the renamed program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results

Post me these logs in your next reply.. Post each log in separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

http://www.bleepingcomputer.com/forums/t/222889/winfixer-ad-popup-virtumonde-detection/
Relevancy 82.99%

Hi, my problem is the following. Every once in a while there is an explorer window that pops up; the title of it is "z1.adserver.com". It is speaking about a registry cleaner and the complete window is a link, so I don't click it and only do the little "X". I also have some security warning from Windows that it has blocked the software "rdgUS2405.exe" because it couldn't verify the publisher. And finally I have from time to time a pop up to the site www.winfixer.com which my Spyware Doctor keeps from opening: "Spyware doctor has detected that you are attempting to access a site that may contain harmful content. Would you like to continue anyway?" Of course I say no. Here is the HJT log.

A:z1.adserver and Winfixer popup, rdgUS2405.exe

I've been hit with something similar, and was just about to post my HJT log as well. I've given a little bit of insight into the problem, but because I don't use Internet Explorer, I am not getting the site specific popups you received (z1.adserver, winfixer.com, etc). I have my IE disabled and I use Firefox, so the darned thing isn't getting that far into its dirty deeds with me. Check out my log, perhaps we've got the same thing? It appears to be a new strain, as Norton/Symantec has no information on it.

http://www.techsupportforum.com/forums/f284/z1-adserver-and-winfixer-popup-rdgus2405-exe-91340.html
Relevancy 82.99%

I keep getting popups from Winfixer and Sexbuddies even after running AdAware, Spybot, Norton Antivirus and CWShredder. I am thoroughly frustrated. Here is my Hijackthis log.

A:Winfixer & Sexbuddies popups [resolved]

Hello and Welcome to TSF!!!!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files.
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this

Quote:
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:

Quote:
Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\awtqr.dll
Press Enter to continue with the fix.
Next you will see:

Quote:
Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\rqtwa.*
This will be the vundo filename spelled backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*

Press Enter to continue with the fix.
The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
In HijackThis, please place a check next to the following items and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
After you have fixed these items, close Hijackthis.
Press enter to exit the program then manually reboot your computer.
Once your machine reboots please continue with the instructions below.
Please run this online virus scan: Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner.
Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now. * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer.
If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

http://www.techsupportforum.com/forums/f100/winfixer-and-sexbuddies-popups-resolved-82492.html
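The reply above has the user fix an O2 (BHO) line and an O20 (Winlogon Notify) line that both load `C:\WINDOWS\system32\awtqr.dll`, and enter that file name reversed as the second path. The following is an added example, not part of the forum post or of VundoFix: it parses HijackThis log lines, reports DLLs registered in both sections, and derives the reversed-name pattern. Treating "same system32 DLL under both O2 and O20" as a review trigger is a heuristic assumed here from those two entries; the function names and the sample log are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: the two O-lines quoted in the reply plus two ordinary
# BHO entries copied from the later HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
# "O20 - Winlogon Notify: <key> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: .*? - (?P<path>.+)$")


def parse_entries(log_text):
    """Map each normalised DLL path to the set of log sections that load it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        for section, pattern in (("O2", BHO_RE), ("O20", NOTIFY_RE)):
            m = pattern.match(line)
            if m:
                seen[ntpath.normcase(m.group("path").strip())].add(section)
    return seen


def reversed_companion(dll_path):
    """Build the second VundoFix path: same folder, stem reversed, '.*'."""
    folder, name = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(folder, stem[::-1] + ".*")


def triage(log_text):
    """Return (dll, companion pattern) for system32 DLLs in both O2 and O20."""
    hits = []
    for path, sections in sorted(parse_entries(log_text).items()):
        in_system32 = ntpath.dirname(path).endswith("\\system32")
        if sections == {"O2", "O20"} and in_system32:
            hits.append((path, reversed_companion(path)))
    return hits


if __name__ == "__main__":
    for dll, companion in triage(SAMPLE_LOG):
        print(f"review: {dll}  companion files: {companion}")
```

A hit is a prompt for manual review of the entry, not a verdict that the file is malicious.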

My computer has been acting pretty weird lately. It's been going a lot slower and the hourglass is constantly popping up even when the only thing I'm doing is reading a web page. Initially I scanned with my Avast virus protection and it didn't detect anything (it did say that some files couldn't be scanned). I did accidentally let my virus protection lapse, but for no more than half a day, and I wasn't on the web at that time because I was at work. Then the other day I received a popup from Comcast (my provider) that said one or more computers on my network might be infected by a bot. Right before that message popped up, a black box appeared very quickly two separate times; it looked like the box that appeared whenever I was testing my router awhile back. So I did a boot-time scan with Avast and this time it did find a virus with a high severity rating. I also scanned with ESET online scanner and it detected a trojan horse. I think I might have two separate infections going on, because whatever the Avast found was under my profile and the trojan horse that ESET found was under a different user. I would appreciate some help in getting rid of whatever is going on here.

A:A popup from Comcast that says my computer is more than likely infected by a bot; Virus protection detects trojan horse

Oh yeah, I guess I should include my log huh.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:20:54 AM, on 12/21/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Users\Mexicans\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-145...

http://www.bleepingcomputer.com/forums/t/433750/a-popup-from-comcast-that-says-my-computer-is-more-than-likely-infected-by-a-bot;-virus-protection-detects-trojan-horse/

I have a balloon in my task manager that says I have spyware on my computer and recommends I download software to remove it. When the balloon is clicked it takes me to a website. In the Add/Remove Programs menu it is listed as 'System Alert Popup'. When I try and remove it, it does nothing. I found your thread http www bleepingcomputer com forums topic html and followed those instructions. None of the spyware scans detected or removed it. So I ran the 'Hijackthis' tool and will post the log below.

A:System Alert Popup - Possibly A Winfixer Ad

Welcome to BleepingComputer ichthy
My name is Richie and I'll be helping you to remove the malware from your system.
I cannot see any signs of a firewall on your system. Possibly it's because you're using the Windows Firewall or a hardware firewall, or maybe you have it disabled.
If you don't use any firewall at all, you should download and install one of the following right away:
Sygate Personal Firewall Free Edition: http://www.filehippo.com/download_sygate_personal_firewall/
Zone Alarm Free: http://download.zonelabs.com/bin/free/1001..._737_000_en.exe
Comodo Personal Firewall: http://www.personalfirewall.comodo.com/
******************************
Download ATF Cleaner by Atribune: http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.
*****************************
Download HostsXpert 3.8: http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.
Go to: C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open. Look at the bottom of the window. To the right of Attributes, check the box that says Read-only.
4) Click Apply/OK.
*****************************
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
Exit Hijackthis.
*****************************
Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Restart your pc, post the SmitfraudFix report and a new Hijackthis log into your next reply please.

http://www.bleepingcomputer.com/forums/t/83646/system-alert-popup-possibly-a-winfixer-ad/

Hi, I have not been able to find out where this winfixer is coming from. When I see the winfixer prompt I have locked the Zone Alarm and then clicked anywhere on the winfixer; this causes the page not found error to come up, and now when I look at task manager and click on go to process while on the error message I find that I have two instances of iexplore running. Now I can click end process and it kills the window, but that's as far as I have had any real success. The other problem I have is when I do a search in the address bar or the search on msn home page, I sometimes get a different search engine, quite a few different ones visually at least. Clicking on an address in a returned search quite often takes me somewhere else; using the back button then forward takes me to where I want, but is quite annoying. I ran all the programs as instructed and cleaned it up as best I could. Thanks for your assistance.

A:Winfixer & Unwanted Popup Search Engines

Hello,
I see you don't have an antivirus installed. You really need one though, because only ZoneAlarm won't protect you from viruses and other malware.
AVG, AntiVir or Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Update your antivirus and let it perform a full scan and let it delete everything it is finding.
Reboot afterwards and post a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/36215/winfixer-unwanted-popup-search-engines/