Computer Support Forum

Pop-ups for http://display.adtrgt.com when using IE

Question: Pop-ups for http://display.adtrgt.com when using IE

Hello

I've been having a problem with pop-ups fo the past 2-3 days. I have ran ad-aware made by lavasoft, and I deleted everything that it came up with. I then restarted, and I am still having the problem. I would like to have it checked out by someone that knows what they are doing .

Anyway,the pop-ups are coming up all with the URL starting as http://display.adtrgt.com, and then it's followed by a bunch of random letters and numbers. They always show up when I am browsing the internet, with IE. I haven't tried any other browser. When I click on a link, to anything, is when the windows pop up.

I am running Windows XP Service Pack 3. Here's my HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:56 AM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Corel\Corel
PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common
Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
O1 - Hosts: 97.74.60.31 tux-hack.net
O1 - Hosts: 97.74.60.31 www.tux-hack.net
O1 - Hosts: 97.74.60.31 http://tux-hack.net
O1 - Hosts: 97.74.60.31 http://www.tux-hack.net
O1 - Hosts: 97.74.60.31 http://www.tux-hack.net/index.php
O1 - Hosts: 97.74.60.31 hacksantana.com
O1 - Hosts: 97.74.60.31 www.hacksantana.com
O1 - Hosts: 97.74.60.31 http://hacksantana.com
O1 - Hosts: 97.74.60.31 http://www.hacksantana.com
O1 - Hosts: 97.74.60.31 http://www.hacksantana.com/index.php
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI]
C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager]
"C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program
Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [{7ABCACD8-3F1E-EB4A-995A-4D0B73EC4F57}]
"C:\WINDOWS\TEMP\IXP002.TMP\WMPupdate.exe" /r
O4 - HKLM\..\Run: [Ad-Watch] C:\Program
Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [94435f67] rundll32.exe
"C:\WINDOWS\system32\phhwoxhc.dll",b
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program
Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo
Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows
Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program
Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program
Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program
Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program
Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default
user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program
Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace
Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}
(MJLauncherCtrl Class) -
http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.
cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program
Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service
(gupdate1c9b5a862dca8b2) (gupdate1c9b5a862dca8b2) - Google
Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService)
- Sun Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. -
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) -
Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file
missing)
O23 - Service: ProtexisLicensing - Unknown owner -
C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) -
Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) -
Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7529 bytes
Click to expand...

I would appreciate any help that any of you have, because these pop-ups and IE crashing from them is putting a stop to me working on my website, which needs to be done haha.

Relevance 100%
Preferred Solution: Pop-ups for http://display.adtrgt.com when using IE

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Pop-ups for http://display.adtrgt.com when using IE

Bump. Please help.

1 more replies
Relevance 70.11%

how do i remove <hxxp://url.adtrgt.com/cpv.jsp>Deactivated link to protect other readers and moving to Am I Infected forum from Windows XP ~ OB

Answer:http://url.adtrgt.com/cpv.jsp

Welcome to BC. We want to do 2 things. Turn off BOClean and Spybot if running. Then run these tools.MBAMPlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show ... Read more

1 more replies
Relevance 70.11%

Hello guys. I am fed up of these pop ups! I am using firefox 2.0.0.18 on windows xp home edition. Every few minutes or so a browser pops up with the main url being http://url.adtrgt.com followed by a bunch of other #'s and letter's. It is getting very frustrating. I am running zone alarm, ad aware, spybot, avast antivirus....and it's still not getting rid of it! Any help is appreciated!

Here is my hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:52 AM, on 11/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Pr... Read more

Answer:http://url.adtrgt.com

Receiving help here:
http://forums.whatthetech.com/Keep_...trgt_com_t97195.html&gopid=503876#entry503876

Please don't post for help at multiple forums.
 

1 more replies
Relevance 69.29%

http://sameshi tasiteverwas.com
http://url.adtrgt.com/cpv.jsp
IE8 keeps getting opened automatically and tries to post to one of the above URL's or both, one after another......
Needs some assistance...this is very annoying... thanks a lot...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:52 PM, on 4/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\L... Read more

More replies
Relevance 69.29%

I have been attempting to resolve this problem for about 4 days. Would prefer to resolve this without performing complete re-install of software. In another forum post with a similar issue redirected to a similar URL the poster claimed to have resolve the problem with Spyware Doctor and AVG. I have not been as fortunate, although the frequency of popups has been reduced. My firewall is currently set to block the network zone of the destination address.

Symptoms/Problems/Facts:
1. IE7 pop-up window to: http://url.adrgt.com
IE7 pop-up window to: http://7310.partners.findology.com
2. IE7 pop-up window to: http://multi-pop.... (not certain of full address)
3. Primary Browser Used Mozilla
4. Periodically Firewall warns me that iexplorer.exe is requesting elevated status - system time. Then the window pops up. I do not remember receiving this warning prior to installing spyware doctor and registering product.

Software installed and ready to use for fix:
1. CCleaner v2.04.543 (free)
2. AVG 7.5 (free)
3. PC Tools Spyware Doctor (registered)
4. HijackThis v1.99.1 (free)
5. COMODO Firewall Pro
6. COMODO BOClean
7. LavaSoft Ad-Aware
8. Ad-Aware 2007 Free Edition
=================
Logfile of HijackThis v1.99.1
Scan saved at 2:27:11 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:... Read more

Answer:(HiJack Log) IE pop-up: http://url.adtrgt.com (et ux)

I am going to work on the solution more myself - something needs to be done - , so please send a message before you spend much time looking at this - because my HijackThis Log may change tonight.
 

1 more replies
Relevance 69.29%

Recently bought a used iphone, hooked it up, unlocked it all in one night. Then I started looking for some cracked apps (pretty stupid I know). Downloaded one from some rapidshare link and immedietely got virus warning from symantec and computer got really really slow (mouse movement was skipping/lagging all over the place etc). I did a hard restart of the computer hoping somehow it would help, of course it didnt help much. Ran antivirus from symantec and spybot then installed/ran avira. They both found a few things and cleaned/quarantined but I started getting constant popups to http://url.adtrgt.com/ as well as to some long address with an ip in the begining suggesting (at least to me with my minimal knowledge of viruses and what-not that its probably a virus and not malware?). Anyway just downloaded and ran combofix as well as hijackthis and I will post both logs. Any help appreciated as this is a terrible time for this to happen, I have way too much work this week and along with classes its brutal. Thanks in advance for any/all help!

Hijackthis! logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:36 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpn... Read more

Answer:popup http://url.adtrgt.com/ and more

8 more replies
Relevance 69.29%

My laptop (running Windows XP Pro) has been infected with a stuborn bug and when I'm in script debugger I can see the http://url.adtrgt.com/cpv.jsp triggering popups.

Trend Micro OfficeScan & Spybot find stuff but try as they might, when I reboot and open a browser window the popups return.

When I Googled the URL, I found this site with what appeared to be several successful removals using a combination of Hijack This and ComboFix.

Attached is my Hijack This log & ComboFix log.

If someone could please also help me I would really appreciate it.
Thanks...
 

More replies
Relevance 68.47%

Hi thereI have the aforementioned infection on my PC. Have run Spybot and Ad-aware and it has partly fixed the problem, but I still get pop-ups (new tabs really as I'm using Firefox) redirecting me to, usually, <hxxp://url.adtrgt.com>, though sometimes I get sites like poker sites and other ads.I've just installed and run HiJackThis and here's the log. Seems like you guys are pretty good at fixing this sort of thing so hopefully you can help me out!ThanksHBLogfile of Trend Micro HijackThis v2.0.2Scan saved at 20:52:14, on 01/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32\RegSrvc.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\drivers\STDSB.exeC:\WINDOWS\system32\drivers\Icon.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\s... Read more

Answer:Virtumonde infection / http://url.adtrgt.com

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....Please download SDFix by Andy Manchesta and save it to your desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please reboot into Safe Mode In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.NEXTPlease make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow t... Read more

10 more replies
Relevance 68.47%

I also get a provirisremover 2009 popup too along with the <hxxp://url.adtrgt.com> popup.My computer also seems slower in general.DDS (Version 1.1.0) - NTFSx86Run by Johnathan at 4:21:32.42 on Fri 12/26/2008Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.938 [GMT -5:00]AV: AVG 7.5.552 *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\libusbd-nt.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\TVersity\Media Server\MediaServer.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC... Read more

Answer:http://url.adtrgt.com popip in firefox

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.I am reviewing your log. In the meantime, please address the following:* Have you have posted this issue on another forum? If so, please provide a link to the topic.* If you are an employee and this system is owned by your employer, do you have permission to make changes to it?* If you are using any cracked (illegal) software, please uninstall that. * If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring yo... Read more

1 more replies
Relevance 68.47%

Hi ThereI have an issue with one of laptops at work, some strange things are occurring, firstly the AV resident shield detected a 'threat' within the users temp internet files called "freescan(1).htm, I selected to 'heal' this threat.Then, when opening a web browser (IE6), it tried to get hit a site with the following url, <hxxp://url.adtrgt.com/cpv.jsp?...........>.Also prompts 'warning messages' are appearing suggesting that the machine has infected and that we should download some software to fix the problem.I have ran some cleaning tools and performed a virus scan (this found 6 viruses, all of which were quarantined etc)Here are the HJT logs,DDS (Version 1.1.0) - NTFSx86Run by FionaL at 16:27:18.15 on 30/12/2008Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_14Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1310 [GMT 0:00]AV: AVG 7.5.519 *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Canon\DIAS\CnxDIAS.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Dell\Qu... Read more

Answer:malware issue - http://url.adtrgt.com/cpv.jsp?

Is this a business computer?If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)? I ask because I do not help in cleaning business or corporate computers for several reasons: There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. Any infection could jump terminals in a computer network. There may also be legal issues regarding any loss of business data that I do not wish to deal with.

2 more replies
Relevance 68.47%

I have a virtumonde virus whereby my internet explorer repeated opens by itself and goes to "http://url.adtrgt.com/." I've used SpyDoctor, AVG, Spybot, Adaware, FixVundo, VundoFix, nothing has working. I'm about to post my HijackThis and ComboFix log. Any help would be greatly appreciated.
 

Answer:Vundo Virus, HELP! -- IE Pop ups to http://url.adtrgt.com/

Here's my Log from HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:15 PM, on 4/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Wi... Read more

1 more replies
Relevance 68.47%

hi there.

i kept getting a popup in firefox trying to get to a website that started with http://url.adtrgt.com/cpv.jsp?p=... after reading through a bunch of website with people with similar problems i've run scans using MBAM, SUPERAnti-Spyware, and Spybot S&D. they'd each found various things but none of them got rid of the popup window, so i followed instructions and ran combofix. i just rebooted but haven't gotten a popup yet.

was wondering if someone could take a look at the logs and see if there's any additional stuff that needs to be removed so this problem doesn't keep occuring.

thanks to anyone who can help. it's really appreciated.

------------------------------------------------------------------------
ComboFix 09-01-07.01 - John 2009-01-07 14:32:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -5:00]
Running from: f:\documents and settings\John\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\clzndi.dll
f:\windows\system32\dphvlfus.ini
f:\windows\system32\drivers\senekadmttivxs.sys
f:\windows\system32\k9261108.exe
f:\windows\system32\tmp.reg
f:\windows\system32\xuhaltua.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 ... Read more

Answer:popup keeps coming: http://url.adtrgt.com/cpv.jsp?p=...

12 more replies
Relevance 67.65%

HelloWhen I explore the web via firefox, IE browsers I am getting popups pointing to this address url.adtrgt.com.I have Trend Micro 2007 which prohibits the content of the page from loading but every time it happens I am getting the warning screen from Trend Micro.In addition to this I am getting other pop-ups from random sites that are not being blocked by trend micro.I used trend micros hijackthis app to create this log.I would really appreciate assistance in removing this; thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:22:46 AM, on 3/7/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\Program Files\Trend Micro\Internet Security 2007\pccguide.exeC:\Program Files\Dell Support Center\bin\spr... Read more

Answer:Computer infected with spyware: http://url.adtrgt.com

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 67.65%

Hi everyone... I have a virtumonde virus that directs me to [<hxxp://url.adtrgt.com> from internet explorer. I've tried Adaware, spybot, avg, spydoctor, fixvundo, vundofix, nothing seems to work. Please advise me on this issue. Below is my log from HiJack This. Shall I go ahead and post my log from ComboFix?---Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:28:15 PM, on 4/19/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeE:\PROGRA~1\AVG\AVG8\avgwdsvc.exeE:\SmartPCTools\Registry Repair Wizard\RCHelper.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exeC:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exeE:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Spyware Doctor\pctsAuxs.exeC:\Program Files (x86)\Spyware Doctor\pctsSvc.exeC:\Program Files\Sony\VAIO Care\listener.exeC:\Program Fi... Read more

Answer:Virtumonde Virus -- Pop-ups directing me to http://url.adtrgt.com

I have another problem relating to this... Tried to run combo fix but said that it was incompatible with my system. I use a Windows Vista, 64 bit system... what can I do?

3 more replies
Relevance 50.02%

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewal... Read more

Answer:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on... Read more

7 more replies
Relevance 47.97%

IE will not open Google. Analyzed with Malwarebytes' Anti-Malware and nothing found. Clean scans with Norton as well. System has denied write access to host files, which are full of hijacked domains. Even tried HostsXpert to edit host files and host file is marked "system file" that can NOT be manipulated. I sure would appreciate some assistance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:41:24 PM, on 11/19/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dl... Read more

Answer:IE cannot display the webpage http://www.google.com

Hi Joevera,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Please perform the steps fully and in the order they are written and proceed to the next step only if the previous step is successfully completed.Download RootRepeal.exe from one of these download locations and save it to your desktop:
http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
http://ad13.geekstogo.com/RootRepeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exeOpen on your desktop.Click the tab.Click the button.Check all seven boxes: Click Ok.Check the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see... Read more

7 more replies
Relevance 47.97%

Trying to connect belkin router 2.4ghz -802.11g wireless;
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Anthony Duffy>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : duffy-compaq
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : microsoft.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : microsoft.com
Description . . . . . . . . . . . : SMC EZ Card 10/100 PCI (SMC1211TX)
Physical Address. . . . . . . . . : 00-30-F1-31-B0-B0
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.2
DHCP Server . . . . . . . . . . . : 192.168.2.2
DNS Servers . . . . . . . . . . . : 192.168.2.2
Lease Obtained. . . . . . . . . . : Friday, May 30, 2008 12:35:01 PM
Lease Expires . . . . . . . . . . : Thursday, May 03, 1906 7:43:48 PM

Please help. Thanks.
 

Answer:Internet Explorer cannot display http://192.168.2.1/

Obviously it's because your lease expired 102 years ago!

More seriously, if the router's LAN has really been changed to 192.168.2.2 there may be no web server at 192.168.2.1. What computer or whatever on your network are you trying to access.

If you think that the router should still be using its default LAN address, reset it to factory default settings and reconfigure and see if it behaves better.
 

2 more replies
Relevance 42.23%

Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didnt detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malawares and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 AM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\s... Read more

Answer:HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ... Read more

2 more replies
Relevance 41.82%

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before.this http://searchweb2.com hijack reasserts itself as the starting page everytime it's changed, and sometimes crashes new windows. The instructions said something about a scanlong, and I assume that's a HijackThis scan (searching my harddrive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

Logfile of HijackThis v1.98.0
Scan saved at 8:12:15 AM, on 8/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\... Read more

Answer:Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

7 more replies
Relevance 41.82%

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

ogfile of HijackThis v1.97.7
Scan saved at 1:21:38 PM, on 10/07/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PLAY ANTI SEEK\IDOLDEAD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACK FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F... Read more

Answer:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

9 more replies
Relevance 41.82%

After putting an usb drive that i use for printing avast started notifyng me of wscript.exe  trying to access this sites: (http://etpsoprc.ru/a/, http://specrtop.org/a/).
 
i dont know what to do and i cant initiate a lot of the cleaning tools mentioned on other sites. any help will be aprecciated.

Answer:problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500601 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 41.82%

I also attached the scan logs, if it's necessary.

I would really appreciate it, if you can help me.Thank you so much in advance.
 

Answer:http://differentia.ru/diff.php & http://atomictrivia.ru/atomic.php malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

1 more replies
Relevance 41.82%
Question: Adtrgt.com Pop-up

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:04:49 PM, on 2/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program ... Read more

Answer:Adtrgt.com Pop-up

help please. it's annoying.

3 more replies
Relevance 41.82%
Question: url.adtrgt.com

I recently got flooded with a bunch of nasty stuff that I promptly removed with Spybot. One of these kept opening ads from url.adtrgt.com, I use firefox exclusively. I though after 2 scans (one online one offline) from Spybot that I had removed whatever was making that happen. So I get on the internet and there it goes again. I thought that the thing causing this was cogad.exe which from the Hijackthis log appears to no longer be running.

I really need help with this, please. Heres the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:10 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Mozilla Firefo... Read more

Answer:url.adtrgt.com

Close this, I've found a website where I'll hopefully get a faster response.
 

1 more replies
Relevance 41.82%
Question: Url.adtrgt.com

Firefox is opening random popups with this address every few minutes. It opens a hidden window then luckily times out.

here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:06 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\DOCUME~1\berk\LOCALS~1\Temp\winlogin.exe
C:\DOCUME~1\berk\LOCALS~1\Temp\winlogin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVI... Read more

More replies
Relevance 41.82%

The url.adtrgt.com pop up only seems to be effecting Firefox, I do not get the pop up when using Chrome or IE7. I got the Virtumonde / Antivirus 2009 pop up virus as well and downloaded Malwarebyte's Anti-Malware which I thought got rid of it but something still seems to be lurking. The websites 82.98.235.111 and 89.188.16.2 are also is popping up as well. EDIT:I'm also infected by the Vundo Trojan and 'Malware.Trace'. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:17:29 PM, on 1/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\WINDOWS\Explorer.EXEc:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:&... Read more

Answer:url.adtrgt.com pop ups

Hi,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.Then, I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.When everything is done and your log is clean again, you can enable it again.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.How to disable TeaTimer <== click me for instructions.After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").Doubleclick ResetTeaTimer.bat and let it run.This will only take a few seconds.Then, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix in your next reply.

6 more replies
Relevance 41.82%
Question: adtrgt pop ups

I use Firefox and often when I'm browsing, pop ups will appear from several sites, but only in Internet Explorer. These ads will be for everything from porn to mobile ringtones to more mobile ringtones and some only come up with page errors (I recieved some other help trying to tighten up IE's security to no avail)

I have attached my HJT and ComboFix log files, named appropriately.

Thanks for any help I can get guys, this is driving me wild
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:06 PM, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RU... Read more

Answer:adtrgt pop ups

I use Firefox but I am constantly getting pop ups in IE, with alot coming from the domain url.adtrgt. Below is my HijackThis log

Thanks for all the help guys


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:06 PM, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOW... Read more

2 more replies
Relevance 41.82%

Every five minutes or so, internet explorer pops up with a window that has url.adtrgt in it.I've tried almost everything. Can anyone help me please??sorry if i dont have any information posted, i saw a similar problem in the forumshere's my HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:09:26 PM, on 2/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\syste... Read more

Answer:Url.adtrgt! Need Help!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments or inside code boxes,thanks.

13 more replies
Relevance 41.82%

a new window opens one after another. I know very little about computers but I think I have some sort of virus. The top of each page has adtrgt on it. I have a Toshiba Satellite with Windows Vista. Any help would be great. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:05 PM, on 4/19/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\ConfigFree\C... Read more

More replies
Relevance 41.82%

Every time I open my Mozilla browser, I get intermittent pop-ups to "url.adtrgt.com". I really have no idea what it is but I'm guessing it could be some sort of malware, but that's why I am here, I have no idea what to do.

I tried scanning my computer with malwarebytes, spybot, AVG, and SuperAntispyware to no avail. This thing is really pesky.
 

Answer:url.adtrgt.com pop-ups

9 more replies
Relevance 41.82%

Hello, im really having issues with the "url.adtrgt.com" pop-up everytime i browse a webpage it seems to pop up constantly. Can anyone help me with this issue?

I have my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:10 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaant... Read more

Answer:url.adtrgt.com Pop-Up

bump
 

2 more replies
Relevance 41.82%

Hey,

I've been dealing with this url.adtrgt pop-up for over a week. While running Mozilla, it brings up the ads without loading anything on the pop-up page. So I believe Mozilla is blocking the content but the pop-up is still getting through. I've also been dealing trojan virtumonde spyware.I thought I'd be able to clean it out, however, I've seen no change in the ads except that they keep getting heavier. I downloaded hijack this and have run and posted the results below. If I need anything else please let me know. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:01, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\... Read more

More replies
Relevance 41.82%
Question: Adtrgt

Hi-ho there.

I need you guys to help me get rid of this annoying adtrgt.com popup.

Here's a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:41 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system3... Read more

Answer:Adtrgt

BUMP!!!

Sorry for not posting enough info last time, but I really need you guys to help me. This sucks and it's slowing down my PC.

It's the Virtumonde trojan. In Firefox, popups starting with url.adtrgt.com will appear. Spybot finds and fixes this but it always comes back. I read some tutorial on how to remove it and it said to reboot my computer in Safe Mode With Networking. Well, my computer won't boot into safe mode at all. So please. Help.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:50 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Winamp\wi... Read more

1 more replies
Relevance 41.82%

Hello Group,

I just downloaded HJT and during the installation 3 pop-ups just pop-up, going to " url.adtrgt.com" in IE7.

How can I remove this ?

=========== MY LOG FILE ============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:40 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\M... Read more

Answer:url.adtrgt.com ---WHAT IS THIS !!!

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this ... Read more

1 more replies
Relevance 41.82%

I have already run ComboFix...

ComboFix 09-01-08.01 - a1 2009-01-08 22:09:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1197 [GMT 0:00]
Running from: E:\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\sysdat.dll
c:\windows\system32\cnrlur.dll
c:\windows\system32\elwxnoiq.ini
c:\windows\system32\euokmy.dll
c:\windows\system32\eyipkpyf.ini
c:\windows\system32\ffusaixr.ini
c:\windows\system32\fypkpiye.dll
c:\windows\system32\gjPAyyxx.ini
c:\windows\system32\gjPAyyxx.ini2
c:\windows\system32\gxvlkkcp.ini
c:\windows\system32\hahifeyl.ini
c:\windows\system32\iixhdy.dll
c:\windows\system32\ilvbujxi.dll
c:\windows\system32\jmjkym.dll
c:\windows\system32\ljlcowjb.dll
c:\windows\system32\llnakemy.dll
c:\windows\system32\mearzz.dll
c:\windows\system32\ohpxaa.dll
c:\windows\system32\PsYabIPo.ini
c:\windows\system32\pxumwjfw.dll
c:\windows\system32\rxiasuff.dll
c:\windows\system32\tCbJknmp.ini
c:\windows\system32\uaidjnrr.ini
c:\windows\system32\ungipowi.dll
c:\windows\system32\vaekcl.dll
c:\windows\system32\xvnhnmkr.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 20:58 . 2009-01-08 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPER... Read more

Answer:I keep getting pop-ups from adtrgt.com. Help please!!

And also HijackThis....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:14, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
E:\Program Files... Read more

1 more replies
Relevance 41.82%

Hello Group,

I just downloaded HJT and during the installation 3 pop-ups just pop-up, going to " url.adtrgt.com" in IE7.

How can I remove this ?

=========== MY LOG FILE ============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:40 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~... Read more

Answer:Url.adtrgt.com---what Is This !

Hello Group,
This URL keep on popping up.
// url.adtrgt.com

How can I remove this ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:20 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc... Read more

3 more replies
Relevance 41.82%

I have read the "read this first" and downloaded HijackThis and copied the log
they made with their scan of my computer. Do I put it here so someone can help me figure out how to get rid of this? Thanks.
 

More replies
Relevance 41.82%

Here is the ComboFix log as mentioned in another thread for this very same problem.. I could not reply to that thread, so I figured I should simply start a new one.. I need to know which lines to add to the removal process as I'm not 100% sure what items are detrimental.. Thanks..

----------

ComboFix 08-02-11.2 - FBR_BDavis 2008-02-11 5:32:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1553 [GMT -5:00]
Running from: C:\Documents and Settings\FBR_BDavis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\ipsecc.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\temp\tn3
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1\??crosoft\
C:\WINDOWS\system32\ctkrfxwk.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\ipsecc.sys
C:\WINDOWS\system32\m1
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\p4
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s5
C:\WINDOWS\system32\s5\advcomms3.exe
C:\WINDOWS\system32\wvwbgdly.dllbox
C:\WINDOWS\system32\z6

----- BITS: Possible infected sites ... Read more

Answer:url.adtrgt.com Pop-Under

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Sorry for the delay, we get quite busy here.

Please post a new combofix log also.
 

1 more replies
Relevance 41.82%

Hello TSG! You guys seem to be my only chance at getting rid of this horrible url adtrgt cpv pop up on my IE. It has been like this for a week now and Spybot cleans nothing that fixes this for me.. please let me know what I need to do in order to resolve this asap. I would appreciate any effort to help me! THX!
 

Answer:url adtrgt cpv HELP PLS!

any help guys.. ?
 

3 more replies
Relevance 41.82%
Question: adtrgt.com pop-ups

Yup. The adtrgt.com popups ar unstoppable on my system. Heres my hijackthis log.
If anyone could help, I'd appreciate it. Obviuosly, I've tried all the top anti-spyware programs. THANK YOU.

-derek

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:49 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\system32\AvidSDMService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Digidesign\Drivers\MMERefresh.exe
E:\WINDOWS\system32\E_S00RP1.EXE
E:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Alcohol Soft\Alcohol 120... Read more

More replies
Relevance 41.82%
Question: Url.adtrgt.com

Alright, everytime I open IE, another window is opened at url.adtrgt.com.......then is redirected to whichever website. Some are "crush calculater" , "set the trend" and various other match-making websites. I have used Ad-Aware in safe mode and it supposedly cleared all known infections. But these windows and addresses are still opening everytime I open IE. Any more info on getting rid of this will be appreciated.

Answer:Url.adtrgt.com

For instance, once I posted this message another window popped up addressed to http://url.adtrgt.com/cpv.jsp?p=112221&...stingId=7013888. This is gettting old.

4 more replies
Relevance 41.82%
Question: adtrgt

Not sure what is going on, spybot search and destroy box pops up.It says bad url.adtragt.com I hit deny. Then IE opens with pop ups,while im surfing with fire fox. I have dds.text and attach.txt too.McAfee does not see it or can't find it. Spybot does not see it when i run it.But tells me it is trying to access the internet.Might be time to reload windows? Gonna build a new computer in june.
Thanks Ya'll
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:25:59.03 on Tue 04/14/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.504 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.... Read more

Answer:adtrgt

Thanks ya'll. ended up being vundo.hgo. got it removed.

2 more replies
Relevance 41.82%

I keep getting a pop up from ie on my mozilla internet browser. It says url.adtrgt.com plus many more strange letters and words. Anyone know how I can get rid of this?

Answer:What Is Url.adtrgt.com?

hi and welcome to bleepingcomputerIn this forum there is a topic where someone elses has the same promblem your encoutering. Here is the link: Forum

5 more replies
Relevance 41.82%

I first had black screen with spyware warning: SPybot constantly popping up with registry entry changes even though I clicked deny.
I ran Panda, spybot and malwarebytes - found about 12 different problems. Black screen and warnings are gone but I'm still getting url.adtrgt.com trying to open in separate window, other times its IP 185.12.43.105. Always has "page not found".
I tried to get "hijack this" log to post but after the scan was completed it would freeze and not allow me to copy and paste log- tried 3 times.
I use firefox browser. Thanks!
 

Answer:url.adtrgt.com pop ups

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you do the following:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.... Read more

3 more replies
Relevance 41.82%
Question: adtrgt at least...

Hi,

I seem to have contracted whatever causes url.adtrgt to hijack my browser and it looks like you guys are very helpful with these things.
I get constant popups when running, at times about:blank over and
over to where it is difficult to even close the browser. Here is my HJT
log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:39 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Fil... Read more

More replies
Relevance 41.41%

Hi Guys,

I have a problem with my computer.
looks i have a virus/malware inside my computer. I have to try to restore using system restore, seems i doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I had to try to delete it using notepad, but when i open it again. it still there.

Can sombody please help me, cause i still had a lot of work must be finished monday, and i can't continue to work if my computer still behave like this.

Here is log file using DDS i created to you guys. Thanks for your help

Answer:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 41.41%

Hi, When i am trying to record and web application which is launched on Sharepoint i have below scriptweb_custom_request("ProcessQuery",         "URL=http://vc1cgr01cgi006:9090/_vti_bin/client.svc/ProcessQuery",         "Method=POST",         "Resource=0",         "RecContentType=application/json",         "Referer=http://vc1cgr01cgi006:9090/Lists/DSPortalBase/Home.aspx#",         "Snapshot=t2.inf",         "Mode=HTML",         "EncType=text/xml",         "Body=<Request xmlns=\"http://schemas.microsoft.com/sharepoint/clientquery/2009\" SchemaVersion=\"15.0.0.0\" LibraryVersion=\"15.0.0.0\" ApplicationName=\"Javascript Library\"><Actions><Query Id=\"23\" ObjectPathId=\"2\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query><Query Id=\"24\" ObjectPathId=\"5\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query></Actions><ObjectPaths><Property Id=\"2\" ParentId=\"0\" Name=\"Site\" /><Property Id=\"5\" ParentId=\"... Read more

Answer:HTTP Status-Code=403 (FORBIDDEN) for "http://vc1cgr01cgi006:...

hi ! Same problem here, have you find a solution?

6 more replies
Relevance 41.41%

Hello what can i do to remove these?

AVAST WARNING MESSAGES:

Code:

1st Popup:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
2nd Popup:

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

 

Answer:http://disorderstatus.ru/order.php, http://differentia.ru/diff.php

Help!!! All of a sudden my Google Chrome browser closes...i think that these 2 malwares start to really messing around with my laptop. What can i do?
 

3 more replies
Relevance 41.41%

This is one of the pop-ups that I consistently have. The following is my log file. Every time my internet explorer loads, it pops up. I hardly every use it - I mostly use Mozilla Firefox. I also get a popup from Smashhits, but I don't know the url to that one. Thanks for your help!



Logfile of HijackThis v1.99.1
Scan saved at 5:58:24 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alarm\AlarmMonitor.exe
C:\Program Files\Alarm\Alar... Read more

Answer:http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

2 more replies
Relevance 41.41%

Okay... this has been an on going issue... I have corrected much of the problems however this one has got me ticked...

I am only receiving pop ups on IE; does not seem to be affecting Firefox. The only solution that I have found is to kill IE within my ZoneAlarm. However, if I am needing to use IE to view a site the moment I enable IE the pop ups start coming.

I also notice in my Zone Alarm program there are sites that show up under the privacy heading... This area allows me to set my privacy setting for each particular site that I may have visited. Problem is I do not recognize these sites.

I issue seems to be coming from url.adtrgt, but again it could deeper than that. Any help regarding these pop ups and any overall Malware would be appreciated. I noticed on other threads hijackthis logs where attached and/ or posted. I went ahead and added mine; however I can run and/or download any other information that is needed.
 

Answer:HELP! Url.adtrgt getting me ticked

Welcome to Major Geeks!

Please uninstall HJT as it will be properly installed when you do the following:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

7 more replies
Relevance 41.41%

My PC infected Malware Antivirus 2008 and have been removed it manually. But the remaining thing is ... when open redirect link via IE, that will have a pop-up screen and it pointed to url.adtrgt.com.

Can I use combofix to resolve it???

Answer:How To Remove Url.adtrgt.com

Hello winson16882,Combofix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.If needed, we will direct you to our HijackThis Preparation Guide .

1 more replies
Relevance 41.41%
Question: virus adtrgt.com

I use firefox and IE, firefox will pop up randomly and it's not even running. I have run spybot and avg latest version repeatedly and it will not clean this.

the pop up in IE is
http://url.adtrgt.com/cpv.jsp?p=1121...tingId=7013811

but sometimes it goes to a couple other websites.

another site that pops up is http://www.searchfeed.com/rd/Clk.jsp...815016&snid=69

again these only pop up in IE and I think it's only when I'm in firefox

here is my hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:14, on 2008-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Google\Commo... Read more

More replies
Relevance 41.41%

I've been running into pop-ups for some time now, and none of the anti-spyware software seems to be able to remove them. At the same time, AVG keeps telling me that I'm getting a Trojan in 'wmilibb.sys' that it can't seem to heal or quarantine, and the Trojan seems to be related to some of the pop-ups. I did run combofix recently, and it seemed to get rid of the pop-ups, but it also seemed to kill my sound drivers somehow. I went back to a restore point far prior to Combofix, and restored my sound, but of course, brought back the pop-ups! I've run through all of the checkers listed in the intro thread, and here's my HijackThis log.Any help would be greatly appreciated!Thanks,StephenLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:25:18 PM, on 14/03/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\hp\support\hpsysdrv.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Program Files\Internet Explorer&... Read more

Answer:Adtrgt.com Pop-ups And Trojan

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them or include them codeboxes going forward.Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. It is also possible that you may need to disable your Antivirus or Antimalware programs before this program can run properly A guide on how to temporarily disable many of the common protections programs can be found here.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimizedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

1 more replies
Relevance 41.41%

Hey there, I recently downgraded from Vista to XP on my lappy, and started receiving random popups from url.adtrgt.com. These then redirect to different advertisements... usually for fake spyware detectors, etc. I've tried running Symantec Corporate Antivirus, AVG Free, and Ad Aware to no avail. Anyhelp will be greatly appreciated! Thanks.Here is my Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:32:07 PM, on 4/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.ex... Read more

Answer:Adtrgt.com Infection

Hello jackalneo,I apologise for the delay. The forum is too busy.----------------------------------------------I will be assisting you with your malware issues.Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!Please bookmark or favourite this page. In case you need it as reference or etc.IMPORTANT NOTE:If you are using Windows Vista you must right click on the desktop icon and choose Run as Administrator all tools.---------------------------------------------- RENAME HIJACKTHISThere is some infection hiding in your log.Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Documents and Settings\Tom McIntosh\Desktop\HiJackThis.exe Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.----------------------------------------------Post back:A new HijackThis log.

2 more replies
Relevance 41.41%

When I go online on my laptop it immediately defaults to a popup http://ads.adtrgt.com...etc. From looking around it seems that this is malware and that combofix is likely to be able to resolve this problem. Is it a good idea just to run this a/c your instructions that you have posted on this site, or should I run other checks first?

Answer:Infection with .adtrgt

hi and welcome as the blue text says it can be dangerous on your own. Let's do these first and if needed we'll go there.Next run MBAM:Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select t... Read more

7 more replies
Relevance 41.41%

Hi

I have the blasted adtrgt pop-up on the PC. I attach the log file - any help would be greatly appreciated!!

Thanks
Mark
 

More replies
Relevance 41.41%

First time poster and am looking for help. Currently running Windows XP and having issues with adtrdt.com pop-ups. I have run SuperAntiSpyware, AdAware, and Spybot - Search and Destroy and still am having issue. Not all that savvy on this (censored) comp! Please help.

theBandit

Answer:adtrgt.com Popup not going away

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

7 more replies
Relevance 41.41%

I saw where you've helped others with this irritating adtrgt thing where pop ups happen WAY too often. I have tried everything imaginable to get rid of them and near ready to reformat my hard drive to just get it out.

I already downloaded the Malwarebytes software. It's running now. But I know that it takes assistance so if you could let me know what I need to do...I'm hoping it's as painless as possible.
 

Answer:Need help removing the adtrgt pop ups

I went ahead and deleted what Malwarebytes found. And got this report....

Memory Modules Infected: 6
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\wabedelu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\liwibaju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pokihuyi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\radiguyo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\behipaya.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Rdulebodamujum.dll (Trojan.Vundo.V) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21d4a540-d6d4-4792-a307-c3ce0aa1bd67} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{21d4a540-d6d4-4792-a307-c3ce0aa1bd67} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{21d4a540-d6d4-4792-a307-c3ce0aa1bd67} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Qua... Read more

2 more replies
Relevance 41.41%
Question: Adtrgt Malware

My computer is infected with a really nasty malware. Google seems to suggest that it's a fairly common one. It produces frequent pop-ups, most going to a url along the lines of this:

http://url.adtrgt.com/cpv.jsp?p=1121...tingId=7013811

I have Spybot SnD installed, but every time it runs it finds and deletes the same things. Same for Housecall.

I will do anything to get rid of this!

Thanks!
 

More replies
Relevance 41.41%

Hello all,
For the past few days I've been getting random adtrgt popups. It's getting to be quite a nuisance. Can someone help me?
 

Answer:Adtrgt getting really annoying

16 more replies
Relevance 41.41%

Hi,

My computer has been a mess the past week or so and i was hoping someone could help me out. i've been innundated with pop up IE browers even though i use fire fox. i keep on getting a random windows box that opens up telling me its closed a file called WMI to protect my computer, and i've got some random antivirus agent plus program on my computer that i dont recall ever downloading. I ran an adaware scan and it found 41 objects, but didn't solve the problem and AVG hasn't been ablet to find anything. Below is my hijackthis log, any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:34 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointS... Read more

More replies
Relevance 41.41%

Hi,

I am constantly getting this pop url:url.adtrgt.com when Im browsing the internet. I especially happens when im using firefox. I pops up about every 2 minutes. Sometime it does it every five seconds. It does it also when using Internet explorer. Other URLs pop also but for the most part the url above is the most consistent. It is annoying as hell!!! Please help. I have included my Hijack This File below. Thank You!
-------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:45:21 PM, on 2/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\iPass\iPassCon... Read more

Answer:Annoying pop up: url.adtrgt.com

Can somone please help?
 

1 more replies
Relevance 41.41%

I have had little problems with spyware, adware, viruses, etc. until I got rid of Sophos AV and Spybot S&D in lieu of McAfee Internet security suite. Problems began within about a week and a month later I reinstalled Spybot S&D and now use AVG antivirus and cleared up most of my problems, I have been using WinPatrol throughout and before this ordeal. The remaining problem is that I have been getting quite a number of pop ups from url.adtrgt.com for both firefox and IE
I have searched your forums and found some respones about this thread, but I haven't noticed any commonality after reviewing a few of the articles and the associated HijackThis logs and comparing them to my own.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:14, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\CyberLink\Shared ... Read more

More replies
Relevance 41.41%

Hello i been having an issue with a url.adtrgt . com pop up whenever im using fire fox. This is my first time posting on the forums but i did download hijackthis and this is the log i recieved

what can i do to fix this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:46 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\So... Read more

More replies
Relevance 41.41%

I have got this annoying little spyware/adware/virus whatever it is that I am tring my best to get rid of. I run Trend Micro for protection. I keep getting random websites popping up or trend micro notification for adtrgt.com. Here is my hijack log.....any help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:00 AM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\... Read more

Answer:adtrgt.com removal NEED HELP

I disabled my Trend Micro and ran Combofix as I have seen in other post with this same problem. It did not generate a log when it was finished for some reason or another. I then ran Trendsecure Hijackthis a 2nd time and here is the 2nd log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51, on 2009-03-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateSe... Read more

2 more replies
Relevance 41.41%

Hi, just was recently infected by this. Not that I'm complaining...much. I run about...3 different programs, Spybot, Symantec (required by school) and when discovering this website, malwarebytes. I saw an earlier fix, but I wasn't gonna try to use someone's solution for my problem.

Here's my hijackthis file, but I'm hoping someone can help me with this.

edit= okay...there is no way I'm opening the online blackboard system for my uni with this thing on my computer. if I search for stuff on google toolbar or even the site, a new window, full screen popup, etc..opens out of my control...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:51 PM, on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWa... Read more

Answer:superjuan and adtrgt, from what I can see

bump
 

2 more replies
Relevance 41.41%
Question: adtrgt virus

Here is my notepad generated from Trend Scan. Any help?
StartupList report, 2/24/2009, 8:34:45 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Progr... Read more

More replies
Relevance 41.41%
Question: Adtrgt and Mirar

I have been experiencing some trouble as of late with adtrgt and mirar programs, I have been exhibiting the normal symptoms of Internet Explorer popping up and crashing (I use firefox). I also have not been able to complete windows updates for some time (this was prior to the adtrgt and mirar). And, since I have very little money to do anything but feed myself and pay rent, I have not been able to resubscribe for Pc-cillin. I would send my computer in, but like I said, my cash reserves are dry. Also, Internet Explorer hasnt been able to function for some time (prior to adtrgt and mirar). Lately my computer has been incredibly slow and I have processor spikes that last for about 30 seconds (something ties up my processors, also my page-file usage is abnormally high, its been in the 1.2-1.4 Gb range where if I remember right its usually 600Mb to 700Mb)

Quick Specs
Windows XP
2GB Ram
2 nVidia 8800GTS in SLI
2.4Ghz quad core, Intel
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:55 AM, on 3/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Commo... Read more

Answer:Adtrgt and Mirar

16 more replies
Relevance 41.41%
Question: adtrgt problem

I have been experiencing some trouble with adtrgt. I have been exhibiting symptoms of Internet Explorer popping up to this url appox. 100 times and crashing. Since the problem started I've switched to Firefox, but IE will still pop up every few minutes or so again approx. 100 times. I'm unable to do windows updates. I've tried spybot, ad-aware, spyware doctor, and they won't get rid of it. Here is my specs and hijackthis log, please help:

Quick Specs
Windows XP Pro SP2
1GB Ram
2.39Ghz P4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:49 AM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\HPCo... Read more

Answer:adtrgt problem

bump
 

2 more replies
Relevance 41.41%

Somehow on my computer excessive pop ups just keep happening even when using firefox and they come up in IE. I found that even when clicking on links that it sometimes redirects me to something completely different. I can sometimes see something about adtrgt url or something. We use Trend Micro security and it blocks the links sometimes but sometimes it doesnt. A little help would be great. It's a work computer and I have no idea why it keeps happening.

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:09 PM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\In... Read more

More replies
Relevance 41.41%

I'm running windows XP and i keep getting popups. The sites usually just result in Page Load Errors, like http://url.adtrgt.com/cpv.jsp?p=110...&url=Guy&affid=168440&b42=&b42=0.0015&aid=889.

I've tried Malwarebyes' Anti-Malware, Spybot S&D, and Ad-Aware but none of them have fixed my problem

Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:57 PM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\S... Read more

Answer:url.adtrgt.com keeps popping up

The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You change those risky default settings to a safer configuration but the act of downloading files from an anonymous source greatly increases your exposure to infection.

I suggest you go to add/remove programs and remove all P2P programs!
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

1 more replies
Relevance 41.41%

I've been having this issue and am having it as I type this where this pop-up keeps appearing and opening new tabs over and over again on the Internet Explorer. the link that apears on the url bar is http://url.adtrgt.com/cpv.jsp?p=113...d=641044680b2b11debe7e169208ffffff&rid=155255

I don't know if this is a virus, malware or spyware it just keps popping up and I'd like to know how to stop it if possible. Thank you.
 

Answer:Need help with adtrgt.url virus

bump
 

1 more replies
Relevance 41.41%

Hi, I am having the same problem that I see going around, with Firefox popping up random windows when I use it, with the majority of them being url.adtrgt.com

I have run combofix and hijackthis and will post the logs. But I'm not sure what I'm looking for in the logs so if someone could take a look to see what (if) I need to put in cfscript that would be great. Thanks!
 

Answer:url.adtrgt.com popups

ComboFix 09-01-11.04 - Ramzi 2009-01-12 9:08:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.459 [GMT -5:00]
Running from: c:\documents and settings\Ramzi\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ramzi\Localdir
c:\documents and settings\Ramzi\Localdir\setup.exe
c:\documents and settings\Ramzi\Localdir\Setup.zip
c:\documents and settings\Ramzi\Localdir\winlogo.exe
c:\windows\adaway.lic
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\auxhmuhb.dll
c:\windows\system32\pxwaau.dll
c:\windows\Sysvxd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSSRV

((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-09 11:47 . 2009-01-09 11:50 <DIR> d-------- c:\program files\coolpro2
2009-01-09 11:17 . 2009-01-09 11:17 <DIR> d-------- c:\temp\cooleditpro
2009-01-08 15:31 . 2009-01-08 15:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 15:31 . 2009-01-08 15:31 73,728 --a------ c:\windows\system32\ja... Read more

2 more replies
Relevance 41.41%

I have a Dell M-140 running XP Media Center.

I had pc cillin until it was time to renew my subscription. Since my isp is comcast i decided to use their anti-virus program Macafee. that was my mistake. MacAfee is fee based virus removal or comcast customers. Dell instructed me to download Webroot Spy Sweeper. I now have that program installed with no success either. Webroot too is a fee based removal program is you want it done that day. I have contacted them and have been instructed to download and run Combo fix and smitfruad fix. I have run both programs and the results are the same. I have sent my logs to them and am still waiting on a response.

Can you help me?

Bob

Answer:url.adtrgt.com needs to be removed

I tried to paste the screenshots here but am unable to. I have 4 and can't put them on here. Do I need special permission to post the screenshots?

2 more replies
Relevance 41.41%
Question: adtrgt.com virus

I ran combofix then hijack this. Do I need to do anything further?Logs hijackthisLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:30:21 AM, on 4/23/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\DigitalPersona\Bin\DPWinLct.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\DigitalPersona\Bin\DpHost.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exeC:\WINDOWS\system32\java.exeC:\WINDOWS\System32\locator.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UTSCSI.EXEC:\Program Files\DigitalPersona\Bin\DPFUSMgr.exeC:\WINDOWS�... Read more

Answer:adtrgt.com virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 41.41%

I'm getting periodic popups warning of possible infection and to CLICK HERE to download and install a free adware removal tool. Also getting redirects to url.adtrgt.com and other seemingly random sites with 404 and 403 errors. Spybot removed several instances of virtumonde.Thanks in advance for your help!HijackThis log follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:15:58 PM, on 8/26/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\ContentWatch\Internet Protection\cwsvc.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINNT\system32\svchost.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINNT\system\proxy.exeC:\WINNT\system32\nvsvc32.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinM... Read more

Answer:Virtumonde, Pop Ups, Url.adtrgt.com

Hello azwanzig,Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dllDownload random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue ... Read more

18 more replies
Relevance 41.41%

<hxxp://url.adtrgt.com/cpv.jsp?p=110219&ip=70.110.44.149&url=toolbarqueries.google.com/search?sourceid=navclient-ff&features=Rank&client=navclient-auto-ff&googleip=O;null;150&ch=899900baf&q=info:hxxp://www.bleepingcomputer.com/forums/index.php?act=post&do=new_post&f=22&selectedKeyword=tool&default=hxxp://sagipsul.com/go/rfe.php?cmp=vm_mg_fails_juan&uid=6F786A7CD49611DDB709166350CFFFFF&guid=23F58D0B980B42E1ADAC568B1D074DB4&lid=&url=toolbarqueries.google.com/search?sourceid=navclient-ff&features=Rank&client=navclient-auto-ff&googleip=O;null;150&ch=899900baf&q=info:hxxp://www.bleepingcomputer.com/forums/index.php?act=post&do=new_post&f=22&affid=166350&b42=0.0043&aid=520>
I keep getting that annoying pop up link on my firefox even if I don't open it or something. I already tried to do Malware scan and Spybot scan but that keeps reappearing every single time and both of them don't detect it. This is my Hijackthis log file so if you guys could please look into it and see what the problem is. Thank you very much.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:14 PM, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:... Read more

Answer:I want to get rid of this link right here url.adtrgt.com

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you have regarding the fix(es... Read more

2 more replies
Relevance 41.41%

Hi,I've got a problem with adtrgt.com, I believe. I've followed the steps in your preparation guide, and scanned my computer until I'm blue in the face with Kaspersky, the latest McAfee, Ad-Aware and finally with HJT. Along the way a couple of unactivated trojans were removed. I've also run several rootkit detectors, with inconclusive results.I'm running Vista Home Premium, without SP1.Anyway, I do still have a problem with Adtrgt.com. I frequently get a crash in rundll32.exe, and then in the pop-up I close the application. Most of the time, nothing visible closes, which I take to mean the crappy adware DLL crashed.Looking at my router logs, I see entries for url.adtrgt.com followed by an entry for SomeSiteYouShouldNotVisit.com (you get the picture). So, I'm assuming this is what is killing me and causing the instability.Looking at my IE7 addons, I see one at least that shouldn't be there; it has a random name: tuvSjGYP.dll. It doesn't have a listed publisher. HJT shows the BHO as:O2 - BHO: (no name) - {B22FE1AF-4E65-4781-BFBA-4672DA27D312} - C:\Windows\system32\tuvSjGYP.dllIronically, I think I know the exact time the infection occurred, since all previous system restore points are gone except for one at 12:46pm on Thursday. Hmmm...! I've disabled the BHO I listed above, and now the weird instability has stopped (doh), but there's something else still in there.I've posted my HJT log below, can you folks lend a hand to a desperate guy?Thanks in ad... Read more

Answer:adtrgt.com infection

Hello rdcproPlease download MalwareBytes Anti-malware (MBAM) from one of the following links:http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/tools/mbam-setup.exeDouble-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform full scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtPlease post a new HijackThis log and the MalwareBytes results.

3 more replies
Relevance 41.41%

I need help to get rid of this "url.adtrgt.com" pop ups.
I saw that you help someone some time ago.
You told him to post the logfile for Hihack this and combofix
Below is the HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:34 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Prog... Read more

Answer:Heed help to get rid of: url.adtrgt.com

Hi, Welcome to TSG!!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Servi... Read more

1 more replies
Relevance 41.41%

Thanks in advance!

Answer:hijacked url.adtrgt.com

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 41.41%

i have tried many different malware removal programs such as spybot, registry mechanic, avg and i still cannot get rid of this malware. PLEASE HELP!!! i went ahead and followed the instructions i found on your website and here i am! everytime i google something, a couple of seconds later, i get a pop-up window that displays url.adtrgt.com/.....with a different thing following it depending on what i googled.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Zack at 16:46:02.42 on Tue 02/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.76 [GMT -10:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\St... Read more

Answer:cannot get rid of url.adtrgt.com pop up on firefox

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

4 more replies
Relevance 41.41%
Question: ADTRGT.com PopUp

Hi,

I have this pop up from ADTRGT.com popping up every 15 seconds. It is annoying the heck out of me. I was wondering if anyone knew how to get rid of this pop up once and for all.

I looked at the other thread similar to this but I am not much of a computer expert. I am not exactly sure what I should do after I download and run the program as mentioned in this thread

http://forums.techguy.org/malware-r...s/680076-computer-hijacked-adtrgt-com-ie.html

Please help me get rid of this. It is just soo annoying..
 

Answer:ADTRGT.com PopUp

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 41.41%

Hello,

I am running Windows XP Professional with TrendMicro Internet Security. I initially noticed this issue when browsing in Firefox, Internet Explorer would be launched and go to "url.adtrgt.com..." in many, many tabs. The new tabs opened faster than I could close them! After not being able to get rid of this issue using simple things (deleting cookies, uninstalling new software, playing with security settings), I used the "Prevent Unauthorized Changes" feature of TrendMicro to roll back some "Changes Found". After this, I began getting warnings whenever I started a program...the warnings would say "mvinal.dll is not a valid image" or something along those lines...and sometimes "fihiyota.dll is not a valid image". I noticed these dll's (mvinal.dll, fihiyotal.dll) in the windows/system32 folder; the files were dated around the time this issue started. I deleted them. Those warnings have stopped, but I still have the original issue.

Most recently, I uninstalled Firefox (thought maybe some setting there was messed up). However, the issue still persists when I browse in Internet Explorer. I have not tried reinstalling Firefox.

Thanks in advance for any help you can provide.

The contents of my DDS.txt file follow:
DDS (Ver_09-02-01.01) - NTFSx86
Run by Kirk at 22:33:23.51 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.521 [GMT -5:00]

AV: T... Read more

Answer:something causing many "url.adtrgt.com" pop-ups

I noticed a new symptom...my Windows Automatic Update was really screwed up. Could not get it to work and tried several things suggested on the Microsoft Update site, but still no luck. When searching around the site, I decided to download Windows Defender. After downloading and running, it found several versions of Vundo (Vundo.gen!G, Vundo.gen!H, Vundo.KM). I ran it and rebooted several times, because it kept finding new stuff. Now things seem to be back to normal. No more crazy pop-ups. I can even get the Windows Automatic Update to work.

I ran DDS again. If someone can take a look to see if any bad stuff remains, that would be great. But I don't think it as urgent as before.

Thanks.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Kirk at 23:19:05.10 on Fri 03/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.378 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Appl... Read more

4 more replies
Relevance 41.41%

When I'm using Firefox or internet explorer 7 I randomly receive pop ups with the addresses url.adtrgt.com and different ip address like 70.38.98.32 try to connect but fails. Couldnt not attach file so i put it on the bottom
DDS (Ver_09-01-07.01) - NTFSx86
Run by USER at 9:32:16.25 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.456 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe... Read more

Answer:pop ups with the addresses of url.adtrgt.com

Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------Close any open browsers.WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has compl... Read more

7 more replies
Relevance 41.41%

I'm getting multiple popups from url.trgt every few minutes and notice significant performance loss on my mahcine.Please help, any help would be greatly appreciated.Here's the DDS log and I'll attached the "Attach" file.DDS (Version 1.1.0) - NTFSx86 Run by Admin at 12:14:37.11 on Fri 12/26/2008Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1320 [GMT -8:00]AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)FW: Trend Micro Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Sony\Shared P... Read more

Answer:url.adtrgt.com popups - pls help

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

4 more replies
Relevance 41.41%

Hi,My computer has been a mess the past week or so and i was hoping someone could help me out. I've been inundated with pop up IE browsers even though i use fire fox. i keep on getting a random windows box that opens up telling me its closed a file called WMI to protect my computer, a similar box regarding a program 173.exe, and i've got some random antivirus agent plus program on my computer that i don't recall ever downloading. I ran an adaware scan and it found 41 objects, but didn't solve the problem and AVG hasn't been ablet to find anything. Below is my hijackthis log, any help would be greatly appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:52:34 PM, on 2/28/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Hotspot Shield\bin\... Read more

Answer:help! adtrgt pop ups, 173.exe and other problems

Hello float1nq1nspace,I apologise for the delay, the forum is extremely busy.I will be assisting you with your malware issues.Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!Please bookmark or favourite this page. In case you need it as reference or etc.If you fail to reply in 5 days period from now, this thread will close, and you will have to open another topic, and wait for another helper.----------------------------------------------I see that you also posted for help here:http://forums.techguy.org/malware-removal-...r-problems.htmlIf I will help you, please close the thread at Techguy forum. As forums are too crowded with users who needs help, it doesn't help anyone if each user posts to multiple forums. It make the problem bigger, as helpers are less from people who needs help.----------------------------------------------Please post a new HijackThis log.

2 more replies
Relevance 41.41%
Question: adtrgt.com popups

Hi, I have been experiencing popup tabs lately. Spybot detected virtumonde but the problem persists.Here is the hijackthislog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:55:18 PM, on 12/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec AntiVirus\Smc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\Symantec AntiVirus\SmcGui.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\CyberLink\... Read more

Answer:adtrgt.com popups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to di... Read more

2 more replies
Relevance 41.41%

Hi There,Hope you can help me out.I've noticed for the past 2 or 3 days that i've been getting pop up ads from url.adtrgt.com. I ran a virus scan today (21st Dec) using Trend Micro Internet Security 2008 which found and quarantined the trojans. I deleted the trojans from my PC and restarted but I'm still getting these popus. Here is the RSIT logs and I've also included the virus scan log of trend micro internet security.I also ran Kaspersky's free online scanner and found nothing Any help would be greatly appreciatedLogfile of random's system information tool 1.05 (written by random/random)Run by HP_Owner at 2008-12-21 13:26:37Microsoft Windows XP Home Edition Service Pack 3System drive C: has 54 GB (37%) free of 146 GBTotal RAM: 2559 MB (74% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:26:38 PM, on 21/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvs... Read more

Answer:url.adtrgt.com popus

Hi Guys,You can close this topic now. I have fixed it using the how to guide: http://www.bleepingcomputer.com/malware-re...undo-virtumondeCheers

2 more replies
Relevance 40.59%

Hey Guys/Girls,

I am having huge problems with ad popups in an IE window when I don't have IE open. I use Mozilla FireFox and every time I do a search (google) I get related ads to my search loading in IE as well as pages going to "The True Love Meter" and other sites stemming from ADTRGT.COM... I have tried every spyware and adware prog I can think of but nothing removes it... Please Help.

Here Is my HijackThis 2.0.2 Log...

===============================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:54 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\... Read more

More replies
Relevance 40.59%

Hey there, I recently downgraded from Vista to XP on my lappy, and started receiving random popups from url.adtrgt.com. These then redirect to different advertisements... usually for fake spyware detectors, etc. I've tried running Symantec Corporate Antivirus, AVG Free, and Ad Aware to no avail. Anyhelp will be greatly appreciated! Thanks.
Here is my combofix log:

ComboFix 08-04-20.5 - Tom McIntosh 2008-04-22 14:10:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1363 [GMT -7:00]
Running from: C:\Documents and Settings\All Users\Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtrsQgD.dll
C:\WINDOWS\system32\cbXNhEWP.dll
C:\WINDOWS\system32\eylgekja.dll
C:\WINDOWS\system32\hgGvtTll.dll
C:\WINDOWS\system32\ljJAPHYP.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnmJYSi.dll
C:\WINDOWS\system32\rqRJaWmL.dll
C:\WINDOWS\system32\rqRlLbCV.dll
C:\WINDOWS\system32\VCbLlRqr.ini
C:\WINDOWS\system32\VCbLlRqr.ini2
C:\WINDOWS\system32\vtUKAqNe.dll
C:\WINDOWS\system32\xpbsyxkf.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 13:07 . 2008-04-22 13:44 <DIR> d-------- C:\Program Files\Remove-it
2008-04-22 12:58 . 2008-04-22 12:58 <DIR> d-------... Read more

Answer:Solved: adtrgt.com infection

7 more replies
Relevance 40.59%

Dear Forum Friends,

First off, just wanted to say, cool site and great work. I've read through someone else's repair of this terrible pop-up virus, url.adtrgt.com, and I really wanted some help with it myself. I think it may also be tied in with the reason why my laptop wont stay asleep or wont stay hibernated.

Please, I am so frustrated with this - my laptop used to keep power for hours but after this virus, the battery ends up dead even after i shut down the computer after a few hours. In any case, the popups have rendered my IE completely useless.

I'm sorry I'm not as experienced as I'm sure many of you are, but could someone PLEASE take me through the steps to repair my computer?
I've dL the hijack this, and I am posting the log here, in the hopes that it finds a friendly eye.

Best,

elliotnyc
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:31, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Progr... Read more

More replies