
Computer help (Geek needed)



skdvr
09-11-2007, 13:23
I have a problem with pop-ups on one of my work computers and I was wondering if there were any geeks out there that could help. I have posted this on a geek website but I thought I would check here too... I ran a HijackThis scan and here are the results....

Logfile of HijackThis v1.99.1
Scan saved at 12:01:28 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wigjfudj.dll",forkonce
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189112329343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189112317687
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

I know it is a long shot but I figured I would try...

Thanks
Phil

Harshal
09-11-2007, 13:46
Hi... could you please tell me exactly what help you are looking for? Is it just pop-ups? If you have a toolbar from Yahoo or any other similar service, all you need to do is enable the pop-up blocker on there.

skdvr
09-11-2007, 14:02
Oh no, this is a lot more than just regular pop-ups. This is some malware... I have ads popping up as well as having Trojan_Vundo and Winfixer. I just cannot get it to go away. There is stuff buried in there that I need to get rid of, but I just need to know what I can and cannot get rid of.

I wish that all I needed was a pop up blocker. That would be awesome...

Phil

underwaterdan
09-11-2007, 14:05
Format C:\

skdvr
09-11-2007, 14:06
Format C:\

That is my last resort. I will do that if I have to but only if I have to...

Phil

Harshal
09-11-2007, 14:40
Format C:\

That is my last resort. I will do that if I have to but only if I have to...

Phil
Phil try this.
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99

cgvmer
09-11-2007, 14:49
What kind of spyware checking software are you running? I use adaware from lavasoft, here is the free download version http://www.download.com/Ad-Aware-2007-Free/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

Harshal
09-11-2007, 15:15
cgvmer - Adware software would not remove Vundo. Vundo is a trojan and it spreads through the internet connection.

Phil, there are tools available to remove Vundo. I sent you a link from Symantec; if that does not work let me know, I might be able to point you to something else.

cgvmer
09-11-2007, 15:17
Sorry, I missed the reference to Vundo. He should probably run the removal process and then run the malware/adware tools, and run them daily/weekly depending on your connectivity to the Internet. Better connectivity, run more often.

skdvr
09-11-2007, 15:19
I too use Ad-Aware and I also just downloaded AVG Anti-Spyware (which you get a full version of for free for 30 days). That actually found some stuff that Ad-Aware did not, but I still have the problem. This thing is horrible. I have been chasing it for the last two days and I cannot seem to figure out where it has got me. If anyone can make sense of the applications that I have listed above they will be able to tell me what can be deleted and how. I have this posted on www.geekstogo.com which is a great site. It may take a little while for them to get to me because so many people post with these types of problems. That is why I decided to try and post it here too, just in case there is anyone with the knowledge on here that has the time to look at my problem... there is a lot of good info on that site if anyone is into that kind of stuff... Thanks for the replies...

Phil

skdvr
09-11-2007, 15:21
cgvmer - Adware software would not remove Vundo. Vundo is a trojan and it spreads through the internet connection.

Phil, there are tools available to remove Vundo. I sent you a link from Symantec; if that does not work let me know, I might be able to point you to something else.

I looked at the link but I have not tried it yet. I am getting ready to leave my office and I may give it a shot tomorrow if nothing else comes up. The only problem is that Vundo is not all that is on here I am sure. That is just one thing that I know that I have, or had (I may have gotten rid of it a little while ago but I am going to start a scan before I leave and check it tomorrow...)

Thanks for the link, and taking the time to look...

Phil

Harshal
09-11-2007, 15:25
Were you able to get rid of Vundo?

cgvmer
09-11-2007, 15:26
BTW: If you don't want to pay for some of these google pack has a version of norton for free download

http://pack.google.com/

finflippers
09-11-2007, 15:29
Try booting the computer in safe mode and run your programs. Only vital programs are loaded in safe mode and sometimes you can get rid of extra stuff easier that way.

If system restore is turned on you might get away with restoring the computer to an earlier time.

Ajuva
09-11-2007, 16:04
Spybot Search and Destroy in conjunction with Avast prevents almost all but the symantec removal tool first to get to an even keel to run from.

TommyB
09-11-2007, 16:06
Just post the log over at the hijack this site, and they will tell you how to remove it..

skdvr
09-11-2007, 22:00
Just post the log over at the hijack this site, and they will tell you how to remove it..


The place that I posted it (www.geekstogo.com) has a forum specifically for HijackThis findings. I will let you all know tomorrow where I am at with this... Thanks again for all the replies.


Phil

Suther2136
09-12-2007, 10:15
Try Adaware (this is a free download), then use spybot (also a free download). These two should clean up your PC pretty good.

ScubaToys Larry
09-12-2007, 10:26
We had a nasty pop up on my mom's computer, and after running spybot it was still there... but then we changed to the advanced mode, and went in to the startup screen and took out everything... that fixed it. If you haven't used that... it's really easy. It gives you a list of everything that starts and you just put check marks in the ones you want... if everything works fine - you can delete them later. That fixed hers although the normal spybot run didn't.

skdvr
09-12-2007, 11:13
We had a nasty pop up on my mom's computer, and after running spybot it was still there... but then we changed to the advanced mode, and went in to the startup screen and took out everything... that fixed it. If you haven't used that... it's really easy. It gives you a list of everything that starts and you just put check marks in the ones you want... if everything works fine - you can delete them later. That fixed hers although the normal spybot run didn't.


That is also how HijackThis works. The problem is that there are so many things in the startup that I did not know what was malware and what is supposed to be there... I will give Spybot a shot though and see what happens. I have not had any time yet today to mess with it, but if I do I will let you all know how it is going...

Phil

PS. I have been running Ad-Aware and PC-cillin on it
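As an added example, not code from the thread or from any of the tools named in it: a small Python triage script over the O4 autorun lines of a HijackThis log like the one posted above, addressing the "which startup entries should I look at first" problem. The sample lines are copied from Phil's log; the scoring heuristic (rundll32-loaded DLLs with random-looking names) is my own assumption for ranking entries to investigate, not a verdict on any of them.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wigjfudj.dll",forkonce
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - <registry location>: [<display name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 loading a DLL and calling one of its exports: rundll32.exe "x.dll",Export
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)

def parse_o4(line):
    """Split one O4 Run entry into location, display name and command (None if not a Run entry)."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def longest_consonant_run(word):
    """Length of the longest run of consonants; y is treated as a vowel here (assumption)."""
    run = best = 0
    for ch in word.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def score_entry(entry):
    """Return (score, reasons). Heuristic only: a high score means 'look closer', not 'malicious'."""
    reasons = []
    m = RUNDLL_RE.search(entry["cmd"])
    if not m:
        return 0, reasons  # plain .exe entries are not scored by this heuristic
    dll, export = m.group("dll"), m.group("export")
    base = dll.replace("\\", "/").rsplit("/", 1)[-1][:-4]  # drop the path and ".dll"
    reasons.append("DLL loaded through rundll32 with an export call")
    if len(base) >= 7 and base.isalpha() and base.islower():
        reasons.append("DLL basename is a long run of lowercase letters (no vendor-style casing)")
    if longest_consonant_run(base) >= 3:
        reasons.append("DLL basename is hard to pronounce (%d consonants in a row)" % longest_consonant_run(base))
    if export.isalpha() and export.islower():
        reasons.append("export name is all lowercase")
    return len(reasons), reasons

def triage(log_text, threshold=3):
    """Return (name, cmd, score, reasons) for every O4 entry scoring at or above threshold."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            score, reasons = score_entry(entry)
            if score >= threshold:
                flagged.append((entry["name"], entry["cmd"], score, reasons))
    return flagged

if __name__ == "__main__":
    for name, cmd, score, reasons in triage(SAMPLE_LOG):
        print("[%d] %s -> %s" % (score, name, cmd))
        for r in reasons:
            print("     - " + r)
```

On the sample the only entry that clears the threshold is the "SystemOptimizer" line loading wigjfudj.dll, while the NVIDIA rundll32 entries score below it; a flagged entry still needs checking (file signature, install date, vendor) before anything is removed.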

sudnit5
09-12-2007, 13:42
The way I get rid of everything on my computer and all the computers at work is a conjunction of Adaware and Spybot. Both programs are free to use. What I suggest is to download both programs then disconnect from the internet, run Adaware then Spybot. Restart your computer leaving the internet still disconnected and run them both again. I have had pretty good success with that method. If all else fails you could format.

http://www.download.com/Ad-Aware-2007-Free/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
http://www.spybotupdates.com/files/spybotsd15.exe

jwdizney
09-12-2007, 13:55
Spybot Search and Destroy in conjunction with Avast prevents almost all but the symantec removal tool first to get to an even keel to run from.

I like the spybot for removing adware and asst'd "trojans", then i run McAfee anti-virus and google toolbar for popup blocker... runs well in this configuration....

skdvr
09-12-2007, 17:03
OK, well I have now tried everything posted in here except for reformatting the hard drive (which will be next if I get no responses from the other forums) and I still have the problems. I spent a few hours just going through all of the system folders finding everything that installed on the 6th (doomsday for this computer) and deleted everything that I found. The only problems that I am having now are with WinAntiVirus and cpvfeed.com pop-ups. I just posted my HijackThis log at the Lavasoft website forum, so hopefully someone there will be able to help out. The other site that I am trying, www.geekstogo.com, can take several days before anyone gets to you to help. So I thought I would try out Lavasoft and see if I get any faster responses.

Thanks again to everyone for the help...

Phil

CompuDude
09-12-2007, 20:01
I love spyware. Makes me a small fortune in consulting fees and helps pay for diving toys.

If you've spent more than 4 hours troubleshooting a nasty spyware issue, it's time to wipe the drive and reinstall Windows. In fact, that's what I generally recommend to my clients... if it's more than Adaware and Spybot S&D can handle, it's going to cost more than it's worth to have me troubleshoot it, rather than have me reload the system all nice and clean.

The added bonus is that nice and clean, freshly-loaded systems are a joy.

This is why friends don't let friends (or family) run Internet Explorer. Firefox all the way. (And it's possible to have issues there, too)

GOOD friends don't let friends run PCs without a really good reason. They get their family and loved ones moved over to Macs instead.

skdvr
09-12-2007, 20:25
I love spyware. Makes me a small fortune in consulting fees and helps pay for diving toys.

If you've spent more than 4 hours troubleshooting a nasty spyware issue, it's time to wipe the drive and reinstall Windows. In fact, that's what I generally recommend to my clients... if it's more than Adaware and Spybot S&D can handle, it's going to cost more than it's worth to have me troubleshoot it, rather than have me reload the system all nice and clean.

The added bonus is that nice and clean, freshly-loaded systems are a joy.

This is why friends don't let friends (or family) run Internet Explorer. Firefox all the way. (And it's possible to have issues there, too)

GOOD friends don't let friends run PCs without a really good reason. They get their family and loved ones moved over to Macs instead.


I was right there with ya until the Macs... YUK!!!

I will wait to see if I hear anything from the other forums and if not then next week I will re-format the hard drive.

Phil

tnfireman
09-12-2007, 21:15
http://www.download.com/Ad-Aware-2007/3000-8022_4-10731194.html?tag=list
http://www.download.com/Avast-Home-Edition/3000-2239_4-10721010.html?tag=list
http://www.download.com/Advanced-WindowsCare-Personal/3000-2086_4-10723130.html?tag=list

These are the three programs I run.

CompuDude
09-13-2007, 00:01
I love spyware. Makes me a small fortune in consulting fees and helps pay for diving toys.

If you've spent more than 4 hours troubleshooting a nasty spyware issue, it's time to wipe the drive and reinstall Windows. In fact, that's what I generally recommend to my clients... if it's more than Adaware and Spybot S&D can handle, it's going to cost more than it's worth to have me troubleshoot it, rather than have me reload the system all nice and clean.

The added bonus is that nice and clean, freshly-loaded systems are a joy.

This is why friends don't let friends (or family) run Internet Explorer. Firefox all the way. (And it's possible to have issues there, too)

GOOD friends don't let friends run PCs without a really good reason. They get their family and loved ones moved over to Macs instead.


I was right there with ya until the Macs... YUK!!!

I will wait to see if I hear anything from the other forums and if not then next week I will re-format the hard drive.

Phil

Once upon a time I would have agreed with you. But:

BSD Unix core. Super stable. Runs all the software needed by 95% of the population... and for the gamers, dual-booting is definitely an option on the newer systems.

And thus far impervious to viruses and spyware.

What's not to love?

Bear in mind, I work on and support both platforms (professionally), and love aspects of each. But for dealing with the internet and all of the nastiness out there, it really is all about the Mac.

Formerly 45yroldNewbie
09-13-2007, 21:33
We have had a lot of luck using WebRoot. You can get it online for about $25 and it has removed stuff that none of the others could. You could try it as well. Even if you end up wiping and reloading your PC you could still use the product for your anti - spy-virus-crap protector.

CrzyJay456
09-13-2007, 21:41
I only saw 2 things that I can actually understand and like...
FIREFOX and MAC

pnevai
09-14-2007, 01:16
Seems you may be infected by a rootkit. Hard to find and harder to kill.

Try this

http://www.pchell.com/support/poweredbyzedo.shtml


If the above does not work then this last URL should get rid of it for good. You have picked up a rather nasty bit of business and a tough sucker to kill.

http://www.bleepingcomputer.com/forums/topic105899.html

I would suggest after everything is clean, go to microsoft.com download and install windows defender. Enable all features and then forget about it. It does a great job keeping nasty stuff off of the PC and it's free.

skdvr
09-14-2007, 05:42
Hey everyone, I have someone helping me right now on Lavasoft's forum. If you are interested in seeing his suggestions you can check it out here (http://www.lavasoftsupport.com/index.php?showtopic=12509).

Thanks again to everyone for their help...

Phil