Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blank Internet Popups


  • This topic is locked This topic is locked
2 replies to this topic

#1 fernandoBOT

fernandoBOT

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 29 November 2007 - 02:18 AM

i dont know what i downloaded that gave me these viruses/adware. i'm generally extremely cautious as to where i download from, i guess sometimes things just slip by.

i've scanned with BitDefender, Cleaned out my temp files with CCleaner, scanned with SpyBot and TrendMicro.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:53 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\ALCXMNTR.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\hkcmd.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Softwin\BitDefender10\bdagent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Last.fm\LastFMHelper.exe
H:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
H:\Program Files\Viewpoint\Common\ViewpointService.exe
H:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
H:\Program Files\Trend Micro\BM\TMBMSRV.exe
H:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Trend Micro\Internet Security\TmProxy.exe
H:\Program Files\Last.fm\LastFM.exe
H:\Program Files\iTunes\iTunes.exe
H:\Program Files\Trillian\trillian.exe
H:\PROGRA~1\MOZILL~1\FIREFOX.EXE
H:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
h:\program files\softwin\bitdefender10\bdmcon.exe
J:\Microsoft Office 2003 SP3 Lite\Microsoft Office Word 2003.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
H:\Program Files\Softwin\BitDefender10\vsserv.exe
H:\WINDOWS\explorer.exe
H:\Documents and Settings\fernando\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] H:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "H:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "H:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3888] command /c del "H:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1114] cmd /c del "H:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5572] command /c del "H:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3822] cmd /c del "H:\WINDOWS\system32\drivers\core.sys"
O4 - HKLM\..\RunOnce: [SpybotSnD] "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = H:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Last.fm Helper.lnk = H:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - H:\Program Files\Bonjour\ExplorerPlugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196135754515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196147880140
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - H:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - H:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - H:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - H:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - H:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - H:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - H:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5632 bytes

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 December 2007 - 12:20 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 03 January 2008 - 09:26 AM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users