Computer Support Forum

Solved: Vundo, WinAntiSpyware 2007, WinAntiVirus 2007.

Question: Solved: Vundo, WinAntiSpyware 2007, WinAntiVirus 2007.

I ran the newest Vundo Fix, Combo Fix, and SuperAntiSpyware on this system and things seem fine. I need a second opinion on this HijackThis log please. ComboFix Log in next post.
HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:35:58 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Beth\Desktop\Ken\HiJackThis_v2_July 03 2007.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http://sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63604F43-8391-46CF-8F06-1BEC89A6D12C} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - HKUS\S-1-5-21-2575326689-3174580811-2789627501-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O4 - Startup: AT&T Yahoo! Online Protection.lnk = C:\Program Files\Yahoo!\YOP\yop.exe
O4 - Startup: MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://winantivirus.com/download/20...wav-scan_us_en_dms&lid=288&affid=pp_932443445
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9421 bytes

Relevance 100%
Preferred Solution: Solved: Vundo, WinAntiSpyware 2007, WinAntiVirus 2007.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Solved: Vundo, WinAntiSpyware 2007, WinAntiVirus 2007.

9 more replies
Relevance 82.65%

Hi,

I have suddenly started receiving WinAntiVirus and WinAntiSpyware popups.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:35 PM, on 2007/09/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C... Read more

Answer:WinAntiVirus Pro 2007 & WinAntiSpyware infection

11 more replies
Relevance 77.14%

Could somebody please take a look at this:1st had Winantispyware- ran combofix, vundofix.almost clear but came back next day.Trend antivirus reported TSPT.AGENT.AAYOIn safe mode with networking:Ran SuperAntispyware, reprted ezula, vundovariant, web buying assistant. tried to clean, message said it had to reboot, no sign of anything happening upon reboot. ran Vundobegone..found nothingran HJT (renamed as something else)here is the VBG log:[10/02/2007, 9:23:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sharon\Desktop\Bleeping\Virtumondebdgone\VirtumundoBeGone.exe" )[10/02/2007, 9:23:26] - Detected System Information:[10/02/2007, 9:23:26] - Windows Version: 5.1.2600, Service Pack 2[10/02/2007, 9:23:26] - Current Username: Sharon (Admin)[10/02/2007, 9:23:26] - Windows is in NORMAL mode.[10/02/2007, 9:23:26] - Searching for Browser Helper Objects:[10/02/2007, 9:23:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[10/02/2007, 9:23:26] - BHO 2: {10B4E760-A07A-4C34-9E15-1ADBB9EF8A2A} ()[10/02/2007, 9:23:26] - WARNING: BHO has no default name. Checking for Winlogon reference.[10/02/2007, 9:23:26] - Checking for HKLM\...\Winlogon\Notify\geedd[10/02/2007, 9:23:26] - Key not found: HKLM\...\Winlogon\Notify\geedd, continuing.[10/02/2007, 9:23:26] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)[10/02/2007, 9:23:26] - BHO 4: {AA58ED58-01DD-4d91-8333-C... Read more

Answer:Vundo Winantispyware 2007

OK I had renamed the wrong (setup) fileIn Normal modeafter renaming the HJT.exe filenew HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:22, on 10/2/07Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Digital Media Reader\shwiconem.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\CTHELPER.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe... Read more

7 more replies
Relevance 97.99%

Hello,

About 3 weeks ago I started having all this spyware and pop-ups on my computer. I've tried several antivirus and antispyware programs and can't seem to get rid of it. I also have PurgeIE to clear history, empty recycle bin, etc. and sometimes after I've closed all my IE windows it tells me that IE is still open in a hidden window. When I press ctrl-alt-delete and view processes Iexplorer.exe is still open. I can't figure this out. I ran HijackThis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:43:28 AM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\gua... Read more

Answer:Winantivurspro 2007, Winantispyware 2007, etc. taking over

Please download http://www.atribune.org/ccount/click.php?id=4 to your
desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click
YES
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will shutdown your computer, click
OK.
Turn your computer back on.
Go here and downlaod the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then instlall the latest version you just downloaded!
http://java.com/en/download/manual.jsp


Download ComboFix from
Here
or
Here
to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just
before Windows starts to load. If done right a Windows Advanced Options menu
will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a
HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its
running. That may cause it to stall
post another log, the vundo and the combo logs!
 

3 more replies
Relevance 97.17%

I've run tons of virus scans like McAfee, and AVG but it can't find the Winantispyware problem. I run a Comcast toolbar scan, and it keeps finding it every time 2 objects of Winantispyware 2007, a rogue security software. I'll copy the hijackthis log I generated when running in safe mode... I think that's what I do, right?

More than willing to give any other information, I just want to get rid of it so it stops popping up randomly.

Logfile of HijackThis v1.99.1
Scan saved at 9:04:49 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start P... Read more

Answer:Solved: Winantispyware 2007

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found a... Read more

1 more replies
Relevance 97.17%

Hi,

Unfortunately I became infected with WinAntiSpware 2007. I read through the forum and think that I have taken care of the problem. I ran HijackThis, and was able to remove the entries associated with WinAntiSpy. I still not sure if I removed everything or if there is something else plaguing my system. I have included the log file from HijackThis below. Thank you so much for your help.

Picoides

Logfile of HijackThis v1.99.1
Scan saved at 12:30:29 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Iomega\Driv... Read more

Answer:Solved: WinAntiSpyware 2007

6 more replies
Relevance 97.17%

I followedthe instructions I found here: http://forums.techguy.org/malware-removal-hijackthis-logs/610785-my-laptop-contracted-winantispypro2007.html?highlight=WinAntiSpyware+2007 after doing a search on these forums.

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:47 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\PROGRA~1\Webshots\webshots.scr
E:\WINDOWS\System32\svchost.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\iPod\bin\iPodS... Read more

Answer:Solved: Did I fix it? (WinAntiSpyware 2007)

12 more replies
Relevance 97.17%

I have winantispyware2007 on my system from my mom clicking on an advert thinking it "would delete" (she isn't too good with computers) We already used our spyware scanner. It tried to delete as much as it can. We then boot the computer in safe mode and deleted the program. The icon isn't on the desktop, but we still have popups and the adware is coming back.

Can someone please help! This computer is shared and I will be grateful if this problem is solved!
 

Answer:Solved: winantispyware 2007...help!

16 more replies
Relevance 95.94%

Hello everyone.
This morning my father somehow had WinAntiSpyware 2007 installed on the desktop. I found this forum:

http://forums.techguy.org/security/556561-removing-winantispyware-2007-hjt-log.html

and followed the instructions. I have yet to remove the program on the Add/Remove programs window. Here is my hijackthis entry.

Logfile of HijackThis v1.99.1
Scan saved at 1:59:10 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1.1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\P... Read more

Answer:Solved: WinAntiSpyware 2007 Removal

15 more replies
Relevance 95.94%

Hail tech masters !

I have spent better portion of this past week battling our arch enemy of the new millennium = SPYWARE !!!!

I picked up winanitspyware 2007 on sunday 7/29/07 after several late nights trying to fix and equally troubled days browsing many forums on my popup free work computer for support . I finally found two reputable web forums TSG being the primary, Atribune the other, and of which I have been a registered user since 2005, but both suggested similar methods to hopefully fix. I was able to get a point where it seems okay, but I see a couple items on hijackthis that concern me so anyway I just wanted to post my most recent HJT log
to see if I am out of the woods yet ?

I have already deleted out old java, ran vundofix until it found nothing and also opened several times in safe mode to utilize the older vundokillbat, but I feel there is still a malicious lurker on my system in the form of : swinsndt.exe SKY009 ? and perhaps others still there ?
Logfile of HijackThis v1.99.1
Scan saved at 7:19:09 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\... Read more

Answer:Solved: remnants of winantispyware 2007 ?

16 more replies
Relevance 95.94%

Hey guys.

Got hit with the auto-download from WinAntiSpyware. Pop-ups now constantly hit me each time I open a new browser with Internet Explorer. Running on Windows XP Media Center Edition. Dell Dimension XPS_Gen_3.

I'll try to do my best here giving as much info as I can. I read up in other threads the programs you were using to get logs and such (HijackThis, ComboFix). This is what I got for you so far:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:27 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\... Read more

Answer:Solved: Spyware: WinAntiSpyWare 2007. Ugh.

15 more replies
Relevance 95.94%

I don't know how i got infected, but this 'WinAntiSpyware 2007' just popped up and then a bunch of random popups started soon after. Here is my Hijackthis Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:53:46 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Pla... Read more

Answer:Solved: Please Help!!! Infected by WinAntiSpyware 2007

16 more replies
Relevance 95.94%

Hi,

I'm infected with WinAntispyware and Internet speed montoring viruses. It's driving me crazy~

Please help!
 

Answer:Solved: help me! WinAntispyware 2007 problem

16 more replies
Relevance 91.84%

Hi - I got another pop-up virus running on my PC where an ad pops in every 5-10 minutes. Below is my HijackThis log - any help is very much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:48 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\logitech\nulooq navigator\nulooqcore.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINNT\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\NuLOOQ navigator\NuLOOQHelper.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\Program Files\Adobe\Acrobat 8.0\A... Read more

Answer:Solved: WinAntiVirus 2007 got me again!

7 more replies
Relevance 91.84%

I am getting these popups and I cannot get rid of them. I have never had this so any help would be appreciated. I have AVG anti-spy already, (had it on my old com worked well). I just need to know what other programs I need and what to look for.

edit: I am also getting something from my firewall that says it found malware called........Tiny.id. I tell it to clean and quarantine and it does but about 20 mins later it pops up again.

Thanks alot.
 

Answer:Solved: Winantivirus 2007

10 more replies
Relevance 91.84%

Yesterday, I encountered a series of pop-up messages telling me to download WinAntiVirus Pro 2007. It wouldn't go away so I went online to me favorite support site (right here) and followed some similar threads.

Here is a log from ComboFix:

ComboFix 07-08-06 - "Compaq_Owner" 2007-08-05 17:22:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp62.tmp.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp64.tmp.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp65.tmp.exe
C:\WINDOWS\system32\dinemx.dll
C:\WINDOWS\system32\dnece4e428.dat
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\tmp64.tmp.dll
C:\WINDOWS\system32\tmp65.tmp.dll
C:\WINDOWS\system32\vtstu.exe
C:\WINDOWS\xhelper.dll
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))
2007-08-05 17:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 16:48 131,433 --a------ C:\WINDOWS\tutqnl.dll
2007-08-03 16:22 13,380 --a------ C:\WINDOWS\system32\jkhhihe.dll
2007-07-30 17:26 <DIR> d-------- C:\Program Files\Foxit Software
2007-07-30 17:22 84,992 --a------ C:\WINDOWS\WebAssist.dll
2007-07-28 15:31 <DIR> d--hs-... Read more

Answer:Solved: WinAntiVirus Pro 2007

16 more replies
Relevance 91.84%

Winantivirus pro 207 popped up on my computer and i clicked cancel at which point it tryed to install itself. Luckily, my firewall (eTrust Ez Firewall) "stopped" it. The program did not download but still managed to infect my computer. Even after running eTrust EZ Antivirus, Spybot Search and Destroy, Spyhunter, and Ad-Aware I stll get popups for Winantivirus Pro 2007, Zedo, and alot more.

I'm running windows xp and need help!

Edit: I'd post a Hijack This log like I've seen everyone else do, but I don't know how. Can someone pleae tell me how to do that?

Edit:Also, I keep getting these popups saying that Myspace is giving me a free celebrity quiz that acts in much the same way as the winantivirus installer- no matter what I do, it takes me to another page. Is this a virus in itself?
Edit:Found out (on this site) how to install and use HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:45 AM, on 7/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files... Read more

Answer:Solved: Help with winantivirus pro 2007

12 more replies
Relevance 91.84%

Hey guys this is my first time asking for help. I have winantivirus, I get continuous pop ups, in fact you wouldn't believe how long it took me to get on here =) but anyway here's my hijackthis log, any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:10 p.m., on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\pyphfagf.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HJT\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microso... Read more

Answer:Solved: WINANTIVIRUS 2007, please help =)

16 more replies
Relevance 90.61%

Hi to all - Im new and infected and pissed! I deactivated my Panda because of inteference to my network connection with printer - anyway - i get opened sites like :recross.com, broadcasting.com, errorsafe, winantivirus pro 2007 and very often signs that im infected and that i have to download winantivirus 2007 - can someone helpp!!! thanx!

Logfile of HijackThis v1.99.1
Scan saved at 9:16:59 &#956;&#956;, on 30/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\drivers\CIR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe... Read more

Answer:Solved: Problem with WinANtivirus 2007 and others

11 more replies
Relevance 90.61%

This is one very sneaky program. I've been trying for the past day and a half to manually remove it, but I can't seem to wipe out all of the files. It seems that this one's over my head.

Here's my latest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:00 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGS... Read more

Answer:Solved: WinAntiVirus Pro 2007 (HJT log included)

14 more replies
Relevance 90.61%

Like almost every other human being I'm infected with the oh-so annoying Win Antivirus Pro 2007 program that causes pop ups and porn pop ups and all sorts of stuff. I have tried Vundo and tons of other removal programs like Smitfraud and and CCleaner and Ad-Aware and such. I really need help, here is my HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:58 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1136992782\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WNSXS~1\netdde.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Trevor\My Documents\?dobe\?ti2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Trevor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/
R3 - URLSearchHook: Y... Read more

Answer:Solved: Winantivirus Pro 2007 Can't Remove

12 more replies
Relevance 90.61%

I have been infected with this for nearly a week now . I have tried several "fixes" from other web sites and spyware removers. Nothing works. A key player seems to be a file called XPDX.SYS which appears to be embedded in windows system 32. Spyware progams can pick it up but it never gets removed. "Kill box",maual removal, "unlocker" and "remove on reboot shell extension" all fail to shift it. When I try to delete it I get the message " cannot delete xpdx. cannot find specified file.

Please help.

HJT Logfile below
Logfile of HijackThis v1.99.1
Scan saved at 21:23:01, on 27/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program... Read more

Answer:Solved: rustok-b / winantivirus pro 2007 HELP

9 more replies
Relevance 90.61%

I got a popup add trojan day 2 of setting up my new cpu, i got adaware, scanned and found 57 adwares, mostly cookies. after cleaning them and resetting, i find 3 cookies and winantivirus. i've tried cleaning them with mcafee, adaware, and spybot search and destroy. nothing seems to work, please help. heres my HJTS report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:13 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
E:\Program ... Read more

Answer:Solved: Cant remove winantivirus 2007

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt Even if it does not find anything.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click th... Read more

3 more replies
Relevance 90.61%

Hi

I have a problem with many pop-ups and advertisements that seem to appear as part of certain websites when they are not. Also, downloads that I have not started pop-up out of nowhere particularly winantivirus pro 2007. I have tried to remove the source of the problem with ad-aware se but to no avail. Can an expert on the forum help me on how to get rid of this very annoying problem please, it will be greatly appreciated.

Thanks
 

Answer:Solved: Winantivirus pro 2007 and various other random pop-ups, help

13 more replies
Relevance 90.61%

Please help, my computer has been infected with WinAntiVirus. Have run SpySweeper and McAfee with no luck. I have included my Hijack this file below. Any assistance on this matter will be greatly appreciated. Thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:26:36 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju... Read more

Answer:Solved: WinAntiVirus Pro 2007 Removal

14 more replies
Relevance 90.61%

Took me 5 hrs to clean the mess up and I am sure i got it all. I would like someone to look over the HijackThis report and see if I missed anything...

TIA!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:48 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\Integrator.exe
C:\Program ... Read more

Answer:Solved: Got zapped by WinAntiVirus 2007...

16 more replies
Relevance 89.79%

I have Trend Micro. I don't know how I got this but I can't get rid of it. Here is my log file. Any help would be awesome. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:28:26 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Eek! Records\Eek! Promoter\EekPromoter.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe... Read more

Answer:Solved: Trojan w/ WinAntiVirus 2007 pop ups..Slow PC

11 more replies
Relevance 89.79%

Hello

I have been having LOTS of problems with my computer. The few things I have been able to identify are the WinAntiVirus popups, 2006 and 2007, and some drive error cleaning or clean drive popups as well... I can't remember very well. And a suspicious khfecyy.dll (according to a VundoFix tool I found on a site on Internet). The computer has been acting really erratic lately.

I found another post concerning this problem on this site, and I was SO DESPERATE that I just decided to go ahead and do what it was covered there for the removal of these pop ups.

So... I ran Hijackthis and made an initial Log report, then I executed ComboFix, then I installed and ran Superantispyware (SAS) free home version, and finally made a second Hijackthis Log Report. I downloaded these programs from links provided in that post. I'm posting these reports in this thread.

This is the link to the post I'm referring to: http://forums.techguy.org/malware-r...9310-solved-help-winantivirus-2006-keeps.html

I don't know what to do now !!!!!!!

Can someone help me? PLEASEEEEEEE REVIEW MY LOG REPORTS

I'm using Windows XP
 

Answer:Solved: Help WinAntiVirus 2006,2007,etc. Keeps popping up!

16 more replies
Relevance 89.79%

i cant get rid of it, if anyone could PLEASE help i would be so gratefull.

this is my hijack this log file

Logfile of HijackThis v1.99.1
Scan saved at 11:07:52 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yah... Read more

Answer:Solved: WINANTIVIRUS 2007 has attacked my computer !!

16 more replies
Relevance 85.69%

I was just putzing around online when all of a sudden WinAntispyware 2007 popped up and started installing itself. I hadn't clicked on any ads or links, so i have no clue what happened. It installed and all sorts of internet explorer pages started opening themselves to supposed anti-spyware program pages and warning messages were also popping up. I scanned my computer with a whole bunch of antispyware and antivirus (ad-aware, spyware terminator, counterspy, avg antivirus, anti-spyware, and anti-rootkit, panda antivirus, and spyware doctor). It took me almost all day to run all the different programs and they all reported different infected files. I deleted everything that the programs found, but I'd just like to make sure my computer is clean. Any help is EXTREMELY appreciated!Below is my HJT log.Thanks!~DeniseLogfile of HijackThis v1.99.1Scan saved at 1:09:01 PM, on 6/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exeC:\Program Files\Pa... Read more

Answer:Winantispyware 2007

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please download VundoFix to your Desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt in your next reply. Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.Please include VundoFix.txt and a new HijackThis log in your next reply.Thanks,Charles

10 more replies
Relevance 85.69%

I'm using windows xl.Last few weeks keep getting following message.
winantispyware2007
hkey_local_machine\system\currentcontrolset\enum\root_fopn\0000.
Any help so I can stop this would be greatly appreciated
 

More replies
Relevance 85.69%

Hey! Someone please help me! I can't get this program off of my computer. I've tried everything..and nothing is working! My job is on the computer and this is really interfering!

Please help quick!!

Thanks!
 

Answer:I need help getting rid of Winantispyware 2007!

8 more replies
Relevance 85.69%

I am having trouble with removing this software....I don't know a whole lot about computers and cannot remove the program from the Add/Remove panel. I saw that most people are putting up a HJT screen, so I downloaded it and this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 9:46:51 AM, on 8/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\... Read more

Answer:WinAntiSpyware 2007

Hi, Welcome to TSG!!
Run HijackThis and click Open the Misc Tools section

Click Open Uninstall Manager
Save list
click on the Desktop icon or select to save the list on the desktop
then click save.

Open the file and copy/paste the contents back here in your next reply.
 

1 more replies
Relevance 85.69%

OK i'm not the smartest computer person and thats where this all started. Three days ago i had flashing question mark in my systems tray telling i needed to purcahse some antispyware since some had been detected on my comptuer and was going to casue problems if i didn't. So silly me i looked around the web and ended up purchaseing winantispy 2007 w/ drive cleaner. To make along story short, last night i figured out that this program was malicous in nature and hadn't solved my problem. I still have this flashing icon. I talked to an IT friend of mine who directed me to free programs such as spybot search and destroy and an adware program. THese cleaned up some issues but i still have that flashing icon in my system tray, which tells me that i still have a problem. I was going to do a system restore but that was disabled and is not avaliable to me. I am running windows xp and also have mcafee security on computer. Any help w/ this would be greatly appreciated. Need some experienced help here please in resolving issues. Spybot did a search and immunized most of it except for something regarding winantispy in the H_Key directory. Said to run it on system restart. Which it did but nothing happened and computer just sat on home screen.
 

Answer:Winantispyware 2007

Hi and welcome

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 85.69%

SmitFraudFix v2.219

Scan done at 17:38:38.89, Tue 09/04/2007
Run from C:\Documents and Settings\Chris.PC315417827683\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\lodsrngj.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mwinpmdt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Chris.PC315417827683\Local Settings\Temporary Internet Files\Content.IE5\89SBUDEF\VundoFix[1].exe
C:\WINDOWS\system32\cmd.exe

hosts
?... Read more

Answer:WinAntiSpyware 2007 HELP!

12 more replies
Relevance 85.69%

McAfee sent me to you. I can't get rid of Winantivirus 2007 along with Errorguard, drivecleaner and Systemdoctor. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 2:14:33 PM, on 2/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ehome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agen... Read more

Answer:Winantispyware 2007

Hello craigano, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

The programs you mentioned are not showi... Read more

1 more replies
Relevance 85.69%

i keep getting these pop ups that say that it will perform free scans because my computer is infected. how do i get rid of them. Please help.
Thanks
 

Answer:Please help with winantispyware 2007 pop ups

11 more replies
Relevance 85.69%

Hi All

Have a pop-up every time my computers starts up.

Winantispyware2007
(hkey_local_machine\system\currentcontrolset\enum\root\legacy_fopn0000)

My Blueyonder security informs me that the virus been removed, but file mentioned above cannot be removed.

Can anyone help me in removing above fill to stop pop-up.

Kyliexxxblue.
 

More replies
Relevance 84.46%

Hello wise ones! What I'm experiencing now is a constant window in the bottom right of my screen asking me to Register WinAntiSpyware. There is no way to get rid of this screen. So I found your site and followed three diagosis suggestions. 1. intsalled and ran in safe mode SuperAnitSpyware and found 231 items and deleted them. That still didn't work so I tried the Smitfraudfix tool suggested by buddy215 that I found in a posting as Spybot when ran couldn't delete this smitfraud file. That went as planned but still no luck. Thirdly, tried the VundoFix.exe and that scan didn't find anything to remove. So here I sit 100% confused and extremely hopeful that someone can figure this problem out.Heres the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:21:35 PM, on 7/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Brmfrmps.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXEC:\Program Files\Bo... Read more

Answer:Infected With Winantispyware 2007

Hello sckasf,Please download Combofix to your desktop.Doubleclick combo.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt.Post this log in your next reply together with a new hijackthislog.

12 more replies
Relevance 84.46%

I just want to get rid of this thing. Any advice on how to get it off.

Here is my HJT log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1145504540\ee\AOLSoftware.exe
C:\WINDOWS\system32\77d6d26c.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ru... Read more

Answer:Removing WinAntiSpyware 2007 HJT log here.

Hi, JosephT.

Welcome to TSG.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 .
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Sc... Read more

1 more replies
Relevance 84.46%

This program keeps trying to install itself on my PC on startup. I'm running XP Pro with AVG and Zone Alarm. Running Ad-Aware and Spybot still did not delete the file.

I did go through msconfig and uncheck the program from the startup list...I'll post an update on that. But here's my HJT log. I haven't fixed any errors in the scan yet though...



--------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:25:07 PM, on 8/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Ma... Read more

Answer:WinAntiSpyware 2007 FreeInstall

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

15 more replies
Relevance 84.46%

I first posted this topic:http://www.bleepingcomputer.com/forums/t/97663/please-help-remove-winantispyware-2007/I have run Super Antispyware. It removed infected files, but the log did not mention Vundo or Smitfraud. I did not run either of those fixes. After completing the steps outlined in this topic:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/I reran Super Antispyware in safe mode and it did not find any infected file. Below is the Hijack This file:Logfile of HijackThis v1.99.1Scan saved at 3:34:28 PM, on 7/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\Sonic\Update Manager\sgtray.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\System32\igfxpers.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeC:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exeC:\WINDOWS\system32\ctfmon.exeC:\... Read more

Answer:Infected With Winantispyware 2007

Welcome to BC Download Combofix and save it to your desktop.http://download.bleepingcomputer.com/sUBs/ComboFix.exeNote: It is important that it is saved directly to your desktopClose any open browsers.Double click on combofix.exe & follow the prompts.When finished, it shall produce a log for you.Post the ComboFix.txt and a fresh Hijackthis log in your next reply.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall

11 more replies
Relevance 84.46%

any help would be great thanks.logfile:Logfile of HijackThis v1.99.1Scan saved at 5:13:28 PM, on 6/19/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\system32\E_S00RP1.EXEC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\SAgent4.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WgaTray.exeC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Winamp\winampa.exeC:\Program Files\Ahead\InCD\InCD.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\D-Tools\daemon.exeC:&#... Read more

Answer:Winantispyware 2007 Need Removal

also if there is anything else i need to remove to make my computer run smoother and faster that would be nice too thanks

12 more replies
Relevance 84.46%

While on a music website using Internet Explorer, I believe WinAntiSpyware 2007 was downloaded onto my computer (running Windows XP). I have run Spybot - Search & Destroy, but there are three registries that it cannot fix. When restarting, Spybot will remove the registries but there must be another file because they reinstall. I'm not sure what the next step for removing this should be. Any help that you could give would be greatly appreciated. Thank you.

Answer:Please Help Remove Winantispyware 2007

Could be either Vundo or Smitfraud infection.Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/(It is possible that Super Antispyware will remove the problem)Review Super Antispyware's report and if Vundo is mentioned, use the tools in the link below.http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/If Smitfraud is listed use the Smitfraudfix tool in the link below. http://siri.urz.free.fr/Fix/SmitfraudFix_En.phpPost a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------How To start Windows in Safe Modehttp://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

1 more replies
Relevance 84.46%

this downloaded on it's own and now i get a small pop up bubble that i should download the program, this has happened before and i was able to fix it but not on my own,
i have included the log from combofix, if i need to post my hjt log let me know, please and thank you for the help

shade

"Owner" - 2007-07-13 10:46:16 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

ADS removed - system32: deleted 68250 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\mljklmm.dll
C:\WINDOWS\system32\mljklmm.dll
C:\WINDOWS\system32\vvvwa.bak1
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\bold.log
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Owner\APPLIC... Read more

Answer:winantispyware 2007 remove

11 more replies
Relevance 84.46%

Problem began yesterday, I get a pop-up that wants me to download and install said program. Scanned with spybot search and destroy, found vundo or mundo something, got rid of it, problem still there. Tried the Vundo fix, then the VirtumundoBegone fixfrom the forums topic 18610, problem still there. I use CA antivirus protection, windows xp pro, mozilla Firefox and netscape mail. Anybody can give me some advice, I'd appreciate it, thanks!

Answer:Can't Remove Winantispyware 2007 Pop Up

Rogue Remover will remove Winantispyware 2007.http://www.malwarebytes.org/rogueremover.phpYou will probably need to post a Hijack This log, too. Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 84.46%

Hello friends.Im new here and asking you for HelpHere is my HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:15:42, on 8.10.2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\RaConfig2500.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\BitTorrent_DNA\dna.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\HijackThis\HjtNew.exeR0 - HKCU\Software\Microsoft\Internet Exp... Read more

Answer:Winantispyware 2007 Popup

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Blond My name is Richie and i'll be helping you to fix your problems.If you have previously downloaded ComboFix,please delete that version now.Now download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.Also post a new Hijackthis log please.

3 more replies
Relevance 83.64%

Please help!My computer has been running slower.I keep getting popups and redirects of my broswer. I get a notification that Microsoft Frontpage sr-1 is trying to be installed but then says it can't find the disk. It also pops up something about WinANtispy Software. I did Spybot and it found registry key Virtumonde and command.exe but couldn't remove it. This is what it said couldnt be removed: c:\windows\rmftawx5\asapps rvdll Please help! Here is my scan:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:49:36 AM, on 9/26/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NavNT\defwatch.exeC:\WINDOWS\runservice.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\winshow.exeC:\Program Files\AIM\aim.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System3... Read more

Answer:Winantispyware 2007, Virtumonde, Command.exe

Sorry for your delay, as you can see the staff here is just swamped.Please download VundoFix.exe (by Atribune) to your DesktopDouble-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. Run the Vudnofix at LEAST 2 times OR until you get a "No vundo found message" Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Please post the contents of C:\vundofix.txt and Combofix log in a reply to this thread.

1 more replies
Relevance 83.64%

I receive a grey dialog box that reads NOTICE: If your computer has been running slower than normal, it may be infected with viruses, adware or spyware. Win AntiVirus Pro 2007 can eperform a quick and complete FREE scan of your system for malicious prgrams. Download Win AntiVirus Pro 2007 Free Now!And throughout the time that I am online, strange advertisements pop up and web pages that I do not go to pop up.What do I do? Do I need a new computer? Hope this works!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:56:17 PM, on 9/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\ixukibdm.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exec:\PROGRA~1\mcafee.com\... Read more

Answer:Hijackthis Log: Please Help Diagnose Winantispyware 2007

Hello Stiniv,Welcome to Bleeping Computer 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

17 more replies
Relevance 83.64%

Hi, whenever I try to uninstall the program Windows Anti-Spyware 2007 shown here, nothing happens. I've tried everything from add/remove programs, to downloading unistall programs, to using msconfig as seen in the picture. Furthermore, it persists to remain on my viewable icons as a "System Alert!" icon that looks like a red circle with a slash through it. Can anyone help me out please?
 

Answer:WinAntiSpyware 2007 Uninstallation problem

There`s a good tool HERE

Failing that, go HERE and follow all the steps.
 

2 more replies
Relevance 83.64%

Hi all,my sister's computer has been infected with the above. i have already updated you virus software to AVG and completed 2 scans. i have also run ad-aware and spybot s&d twice. i have run the following ATF-Cleaner, ComboFix, McAfee Avert, and SmitFraudFix. i just want to be sure that the computer is clean before i give it back. i wasn't able to run these in safe mode (atf, combo, mcafee, smitfraud) due to a memory issue that would popup. i haven't connected to the internet to do any windows updates. here are the hjt, combofix, and smitfraud logs.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:45:16 PM, on 8/9/2007Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\System32\aspimgr.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exeC:... Read more

Answer:Infected With Bravesentry And Winantispyware 2007

Welcome to the BleepingComputer HijackThis Logs and Analysis forum swebb32_99 My name is Richie and i'll be helping you to fix your problems.Before i can provide you with any further assistance,you first need to go here and install Service Pack 1a;http://www.microsoft.com/windowsxp/downloa...p1/default.mspxThis will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system. As your machine stands right now it's exremely vulnerable to infection. You need to get these updates installed first before we can proceed or we?ll both be wasting our time.Do not install Service Pack 2.If you install SP 2 on an infected machine it will cause serious problems within the operating system. Once you've finished the above,restart your pc.Double click on Combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.Also post a new Hijackthis log please.

19 more replies
Relevance 82.82%

Hi - my problems sound very close to a number of those raised in similar threads, but I thought it would be best to ask for help for my specific issue, rather than try to emulate a fix for someone else's.

I was infected through a file in a winrar compressed file and I misunderstod the question from my Norton software about what I wanted to do with it.

I have run a full scan with Norton Antivirus 2007, with fully up to date definitions. It identifed a few Trojans, which I fixed.

I still got pop ups when in IE - opening windows to WinAntiSpyware, Poker and Insurance sites, as well as some floating banners and warning messages about slowed performance and recommending WinAntiSpyWare. I also get frequent Norton notifications that Norton has blocked Downloader as a security risk, and my computer was secure. Apparently Norton can stop this bug from fully functioning, but it can't find or kill it.

I downloaded and ran Ad-aware, which found and dispatched some additional Trojans, but still the problem remained. I followed instructions I found on a forum to switch off the system restore, restart in safe mode, and run the Ad-aware. I did this, still no joy.

I then downloaded and ran AVG Anti-spyware and AVG Anti-rootkit, neither of which turned up anything new.

In desperation I downloaded SpyHunter from
http://www.trojan-downloader-removal...ownloader.html which didn't find anything, and I then uninstalled it.

I have gone through the 5 steps before posting this - ... Read more

Answer:WinAntiSpyware PRO 2007 - Pop Ups & Downloader Warnings from Norton

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

7 more replies
Relevance 82.82%

hello guys i am posting this hijack this log. a couple of days ago i was downloading acrobat reader update and this thing came with it hidden some where. the first thing i noticed it turned off my mcafee firewall and then started telling me i needed winantispyware 2007 for my problems. spybot tells me i have virtumonde now i am confusedplease helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:58:14 PM, on 8/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Sony\VAIO Media Integrated Se... Read more

Answer:Popups Problem Virtumonde Or Winantispyware 2007

Hello alu77 and welcome to BleepingComputer!My name is Johannes and I will be dealing with your log today.Please note that comments are made in green, links are in red and important things are outlined by using the blue color.Please also take note of the following:I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.The fixes are specific to your problem and should only be used for this issue on this machineThe process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.Thanks,Johannes

5 more replies
Relevance 82.82%

please check out my HJT log (start-up log also included). Please let me know if there is anything there that shouldn't be and how to get rid of it. Also, when I ran House Call it was unable to clean WinAntiSpyware 2007 from C:\Program Files \ Common Files, stating that the current pattern does not support clean up. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:57:27 PM, on 7/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exec:\toshiba\ivp\swupdate\swupdtmr.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WIN... Read more

Answer:Winantispyware 2007 Removal, General Log Review

* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!* Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 on a non infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it in... Read more

14 more replies
Relevance 82%

I am running Windows XP, Home Edition, SP2.

So, a few days ago, I started getting random popups saying that I supposedly needed to clean my computer with DriveCleaner 2006 (I think?). I closed it and thought nothing of it. But a couple days later (yesterday) Symantec Antivirus's Auto-Protect stopped a few viruses from installing, but it said 1 of them got past it. And all of a sudden, WinAntispyware 2007 appears and installs on its own (we've never even heard of it until now) and starts scanning, finding over 3,800 threats in 30 seconds. We went to "Add and Remove Programs" and uninstalled it, but when we checked in Program Files - WinAntispyware 2007, a few files remained. If I tried to delete them, it would say something like: "Cannot delete the file. Make sure it is write-protected or not currently in use". I gave up after a while of trying to delete them. So, I scanned the computer with Symantec, it found nothing. I scanned with Ad-Aware SE, and it found 12 files associated with WinAntiSpyware 2007, I clicked Remove, and it said they were deleted. We thought we were fine.

Now today, whatever it is, is back and bombarding us with pop-ups and trying to download WinAntiSpyware again. We scanned with Ad-Aware SE, but it crashed completely after a couple seconds (it found the virus right before it crashed) and shut down the computer. We did HijackThis! and ComboFix (Cannot get the Combofix log at the moment, will in a few minutes), here is the H... Read more

Answer:Annoying Adware. Crashing Computer. WinAntispyware 2007

Bump.

And also, I downloaded SpySweeper, it has detected 2 Adware programs, and 28 Spy Cookies, it said it removed them, but we are not sure if the problem is gone, or if a trace is still left. I will post new HJT and ComboFix logs in a while.
 

1 more replies
Relevance 81.18%

Computer: Dell laptop running Windows XP Professional version 2002 with Service Pack 2.

A few days ago I started getting a lot of pop-ups and requests to download WinAntiSpyware 2007. I ignored these but eventually it started causing more problems. I began running Ad-Aware SE, which found Win32.TrojanDropper and Virtumonde stuff. I allowed Ad-Aware SE to delete this but it actually didn't. Then I tried to go through and manually delete the stuff out of the registry but that doesn't work. The 941508f8-ccd9-44e0-ac29-4f1e141373f7 stuff keeps coming back in the registry. I'm close to just reformatting and starting from scratch but I decided to give this one last try. I will post my HijackThis logfile below and see if there is anything that can be done. Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:51 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBli... Read more

Answer:WinAntiSpyware 2007 and now 941508f8-ccd9-44e0-ac29-4f1e141373f7

16 more replies
Relevance 79.95%
Question: Winantivirus 2007

Hi I have been infected with the virus above, showing a pop up saying that I have a spyware infection and that my files are being copied. The window tries to get me to run a system scan and the buy a product that is supposed to clear the problemPlease helpThankyouLogfile of Trend Micro HijackThis v2.0.2Scan saved at 18:24:27, on 14/08/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\Apple\Mobile Devi... Read more

Answer:Winantivirus 2007

Hello Shourigian14! Welcome To Bleepingcomputer.( 1 ) I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either Norton/Symantec or AVG.There is a bunch of information to read on Symantecs homepage, this will help you to make the decision.Symantec = http://www.symantec.com/region/can/eng/pre...01/n011017.htmlAVG = http://forums.pcpitstop.com/index.php?showtopic=38735( 2 ) Please download Combofix to your desktop.Double click on Combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall( 3 ) Open HijackThisClick Con... Read more

11 more replies
Relevance 79.95%
Question: Winantivirus 2007

hi I have been trying to get rid of this gray box that keeps popping up and telling me to check my computer it looks like it is from microsoft but there are misspellings in the message. It tried to connect to the internet and thats how I know it is winantivirus 2007. It wants me to down load. steps I have taken so far. I ran vundofix, vundobegone they found no files. I ran spybot and deleted vundo along with some redirected website registry now it is saying clean. I ran my yahoo antivirus got message about java byte verify cleared that up . then ran yahoo anti spy deleted all cookies found there. b4 i did all this I turned off system restore and my firewall. ran all these programs in safe boot. restarted in normal and it is still popping up and even has a icon in my system tray. I ran hijack this again and this is what is left

Logfile of HijackThis v1.99.1
Scan saved at 5:39:45 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\W... Read more

Answer:Winantivirus 2007

Hi

Start by renaming HijackThis.exe file -> something.exe and post a fresh hjt log after that

17 more replies
Relevance 79.95%

I unknowingly downloaded winantivirus pro 2007, i believe the program downloaded but while it was trying to open my computer froze. all the programs stopped running. i turned it off by pressing on the off button but when i turned my computer back on, it was still frozen. i cant open any programs, or turn off the computer manually. the winantivirus seems to be the only program trying to load but other than that my computer is practically frozen.
 

Answer:WinAntiVirus Pro 2007

Which "off" button did you press? Did you hit the one on the monitor, or on the PC?

Try holding the power button on the PC until it turns off (5-10 secs), then wait 30 secs, and turn it back on.
 

1 more replies
Relevance 79.95%

I Have a very annoying problem called winantivirus 2007 pro. It is not installed as a program but is installed somewhere on my computer to give me constant pop ups telling me to buy the software and download. please help it is very irritating. Also it has a process that sits on the taskbar and pops up a balloon message telling me to buy the software also. Please Help Here Is A HJT File Log Of This Helps

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:10 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ikkgjscb.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.e... Read more

Answer:WinAntiVirus 2007 Pop Up Help

9 more replies
Relevance 79.95%

I did what your site said. Here is my report. What do I do next.

Thanks,
Vinnie

Logfile of HijackThis v1.99.1
Scan saved at 5:14:53 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\PROGRA~1\Iomega\System32\AppServices.exe
F:\WINDOWS\system32\drivers\KodakCCS.exe
f:\program files\mcafee.com\agent\mcdetect.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
f:\PROGRA~1\mcafee.com\agent\mctskshd.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\dlcccoms.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
F:\Program Files\Quik Touch\EzdMontr.exe
F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
F:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
F:\WINDOWS\MXOALDR.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
F:\Program Files\Logitech\QuickCam10\QuickCam10.e... Read more

More replies
Relevance 79.95%

I am having a similar problem as this thread: http://forums.majorgeeks.com/showthread.php?t=71695

I downloaded HJT and now I don't know what to do with the log. Can anyone take a look at it and tell me what I need to delete? I know one of the bad files is definitely smgr.exe. That was found by my anti-virus program, but said I was unable to delete it. There were two others that I could not delete named afcbunbd.exe and winuns32.dll

Somebody please help! I can't take anymore of these pop-ups.
 

Answer:WinAntiVirus Pro 2007

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - only for Windows XP, 2K, & NT users
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can ... Read more

1 more replies
Relevance 79.95%

For a week..my pc just infected by : a virus called "WinAntiVirus 2007"..

its really slow down the pc & automaticly opening POPUPS !

i tried this site : http://remove-winantivirus.info/
and KasperSky , RogueRemover ,XsoftSpy ,etc

no one detected it !

can anyone please Help me ?

its very urgent for me.please !

Thanks & Regards,
Tharshan
http://www.arcadeMint.com
 

Answer:i got WinAntiVirus 2007 ! Please HELP ME !

16 more replies
Relevance 79.95%

I have had WinAntiVirus Pro popups before and someone removed them, but now it's back again. The keep coming whenever i' on the internet. I don't recall any known processes in my Task Manager that would be that and it isnt installed on my computer. I've been looking around the internet for ways to get rid of them manually, but I think need some more direct help to do this..

I have Hijack this v.2.0. Is there something else i should download, or anything specifically i should look for?

Thanks a lot
 

Answer:WinAntivirus Pro 2007

7 more replies
Relevance 79.95%

Hi,

My computer is infected with Win Anti Virus pro 2007. I do not really understand how to get rid of it. Do i really need to reformat??

Please help me, what shall i do?

Thanks.

Answer:Winantivirus Pro 2007

Hey skipper1My computer is infected with Win Anti Virus pro 2007. I do not really understand how to get rid of it. Do i really need to reformat??You don't need to reformat because of WinAntiVirus Pro 2007 ==========RogueRemoverPlease download rr-free-setup.exe (by RubbeR DuckY). Save the file to your desktop.Double-click rr-free-setup.exe. RogueRemover will now be installed - OK the installation prompts. Once it has successfully installed click Check for updates. Download & install any updates.Click Scan. RogueRemover will now scan your computer for any rogue programs. Once it has finished click Remove Selected if it finds any. Please allow RogueRemover to submit the statistical data.==========Hijackthis LogPlease download HijackThis.exe (by Merijn). Save the file to your desktop. This is a very important step! This ensures Hijackthis stores backups should anything go wrong.Double-click HijackThis.exe. Select Do a system scan and save a logfile.Allow Hijackthis to scan your computer. When notepad opens up with your logfile, copy the contents back into your thread.==========Jamie

1 more replies
Relevance 79.95%

i am also encountering this endless popups by winantivirus... please help me solve this... i would gladly appreciate it. thank u.

here's the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:00 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wina... Read more

Answer:help... it's also about winantivirus 2007

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to i... Read more

1 more replies
Relevance 79.95%
Question: winantivirus 2007

Don't know if I can post, it has taken over!
Windows XP sp2, and running Avg7, windows defender, & adaware.
Have completed running:
SmitRem
SmitFraudFix
RogueRemover
CCleaner
I have used the forums and tried to fix this myself to no avail.

I enclose my Hijackthis Log and would be really grateful for the help!
Thank You
 

Answer:winantivirus 2007

11 more replies
Relevance 79.95%

Hello -

After reading through a few threads, I have a computer infected with symptoms very similar to the ones found in the following thread:
http://forums.techguy.org/malware-r...608566-winantiviruspro-2007-strikes-agin.html

However I do not have the 'aahaaoms.exe' process running in my task manager.

I do have two icons in the startup folder of my start menu: autorun.exe & system.exe

On startup I receive a 'fake' windows security alert dialog with spelling mistakes.

The first step in other threads seems to be a 'hijackthis' log - I have included it below...

Please Advise! - Thank You!

_____

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:00 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$M... Read more

Answer:WinAntiVirus Pro 2007

12 more replies
Relevance 79.95%

I apparently don't know what I am doing. I need to remover this. Could someone PLEASE help me. Thank you.
 

Answer:Please help winantivirus pro 2007

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to a... Read more

1 more replies
Relevance 79.13%

Hello,

I have a problem with a continues POP UP for WINANTIVIRUS PRO 2007. I have several great Spyware and Malware programs running to prevent and remove spyware, but this one continues to come back. Also. Windows defender keeps finding a win32/fotomoto file that wants to change my home page browser. Problably all part of the same problem, or maby mutliple problems. Non of my Virus and firewall software I have in place is working and this is a brand new computer. Kinda frustrated with it. I do not want my personal info compromised . Can you help me out? I would greatly appreciate it and would love to learn what you guys know so I could help others in the future.

Regards,

David T.

Answer:Winantivirus 2007 Popup's

Hi, this program that you are have a problem with, I call ripoffware. Lets try a couple of things here, and see if we can get rid of it. First, please download and install Rogue Remover Free. make sure that you update the database. Disconnect from the internet. Disable Windows Defender, and any other program you have running. Run the program and let it remove everything that it finds. Let us know the results. There will be more to do.Please take into account that you should only have one active malware program and one active antivirus running at a time. Having more than one running causes conflicts that will open your computer to infection, and can prevent these fixes from being effective. You can re connect to the net when you have finished running and repairing with rogue remover. Be sure to reactivate your protection and restart your computer before you connect again.

22 more replies
Relevance 79.13%

Started getting popups for winantivirus pro 2007 a couple of days ago. I followed instructions from posts here and the pop-ups seem to have resolved but i still get notifications on trojan pmnklif.dll that can't be quarantined by symantec antivirus. Any help would greatly be appreciated.

Here's the most recent Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:03 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Windows\System32\mcres.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Dashsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\WINDOWS\system32\IFXSPMGT.exe
c:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WIS... Read more

Answer:winantivirus pro 2007, can't shake it

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found a... Read more

1 more replies
Relevance 79.13%

hi there, my pc hass been infected by the winantivirus pro 2007, the pop ups are not very frequent but my internet connection is slow, would appreciate if anyone could help me with this. Thanks
 

Answer:ifected by winantivirus pro 2007

16 more replies
Relevance 79.13%

Hi I seem to be infected with WinAntivirus Pro 2007. Can anyone help me get rid of it? Here's my Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:58:36, on 03/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Lexmark X1100 Series\lxbkbmgr.exeC:\Program Files\Lexmark X1100 Series\lxbkbmon.exeC:\Program Files\Java\jre1.6.0_0... Read more

Answer:Winantivirus Pro 2007 Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum fistikuffs My name is Richie and i'll be helping you to fix your problems.Please download rr-free-setup.exe (by RubbeR DuckY),save the file to your desktop:http://www.malwarebytes.org/rr-update/rr-free-setup.exeDouble-click rr-free-setup.exe. RogueRemover will now be installed - OK the installation prompts. Once it has successfully been installed,click Check for updates,download/install any updates.Now click Scan. RogueRemover will now scan your computer for any rogue programs. Once it has finished click Remove Selected if it finds any. Please allow RogueRemover to submit the statistical data.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the na... Read more

17 more replies
Relevance 79.13%

Hi, i got this problem on my Windows XP just today. I'm receiving pop-ups and some warnings that make me go to a site to buy some scanners (the thing is WinAntiVirus Pro 2007). I tried running Spybot and Ad-aware but it only removed the warnings but not the pop-ups. They keep coming back. I also checked some other sites but still no luck on removing them. so.. i ended up coming here. i need help to remove them

well.. heres my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:46 PM, on 4/18/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\xloadnet\xloadnet.exe
C:\PROGRA~1\G... Read more

Answer:WinAntiVirus Pro 2007 and pop-ups problems

Hi and welcome to TSG,

Can you tell me why you're running a completely unpatched computer with no MS Service Packs?
 

1 more replies
Relevance 79.13%

My poor laptop is infected with winantivirus pro 2007 virus..I got this virus from someone in my msn's messenger contact list who is also infected with this virus and he is spreading this virus to his contacts.. I received from him this message and i click the link and downloaded the bloody file and run it:lol i checked ur dreampartner http://www.yourdreampartner.net/photo17.php I already have installed the following internet protection software:-Norton protection center 2007-AVG antispyware 7.5 proBoth AVG and Norton are installed updated and should be working OK.I disabled system restore, as well i cleaned my system history with ATF cleaner before i did the full system scan.I did twice a full system scan in safe mode with AVG and Norton (I run AVG and Norton scan process at the same time)I am seeing always from time to time a the winantivirus pro 2007 popup screen and many porno Adds..The first time i did the scan Norton did not detect anything, AVG detected 2 trojans with high risk and after restarting and connecting to the internet the same popups came back and nothing could stop them so far..I restarted and did a second full system scan in safe mode, (norton and AVG) and both of them did not detect a single malware or spyware or virus...simply it is a disaster..What should i do?Any help on how to remove this rogue spyware it is highly appreciated..followed is the HijackThis.log:Logfile of HijackThis v1.99.1Scan saved at 23:50, on 07-04-29Platform: Windows XP SP2 (WinNT 5... Read more

Answer:Winantivirus Pro 2007 Virus

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

20 more replies
Relevance 79.13%

I am in desperate need of help as my computer is becoming unusable. I believe I have a version of WinAntiVirus Pro 2007.

When i logged on to XP i got a message in a dialogue box saying "Warning! Potential Spyware Operation! Your computer is making unauthorised copies of your system and internet files. Run full scan now to prevent unauthorised access to your files! click here to download spyware remover ... YES/NO".

i knew there was sumthing wrong so I clicked no. I've tried Spybot and Superantispyware but no avail. There is not much I can do as all registry changes are denied and I cannot even access my control panel as this is blocked as well.

other info/changes on my comp:
1. my internet explorer's home page has been changed to google.com automatically and when i click on internet properties i get a message saying "this operation has been cancelled due to restrictions placed on this computer. please contact the system administrator".
2. when i try to access control panel it says the same "this operation has been cancelled due to restrictions placed on this computer. please contact the system administrator".

Answer:Winfixer Or Winantivirus Pro 2007

Try running Rogue RemoverLet us know how you make out.And welcome to bleeping computer

3 more replies
Relevance 79.13%

Hi There,Before I start I would like to thank you very much in advance for the work you do and the time & effort spent helping people like me. A few days ago the Winantivirus Pro & winantispyware pro pop ups began. There are now also pop ups from celldorado,bestdietforme baintravel,66.179.234.173/images etc. My Pc has grinded to a halt - it takes an age to boot up and moves slowly through the working applications. I have spent nearly two days trawling for solutions and have carried out your pre post instructions not to mention my own efforts, downloads of various patches etc. I cant seem to resolve the issue and it seems to be quite a stubborn one. I would really appreciate if you could take a look and see if you can spot potential villans. I will follow through your instructions by the book and have reasonable PC experience, not enough to sort this issue out!!!Thanks again for you help,NF Hijack This Log File followsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:55:30, on 28/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32... Read more

Answer:Winantivirus Pro 2007-various Pop Ups- Pc Crawling

Hello Setanta,Welcome to Bleeping Computer 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

8 more replies
Relevance 79.13%

I am infected by winantivirus pro 2007 how do I remove it.

It also changed my account user settings and not letting me access the control panel, add and remove programs

Answer:How To Remove Winantivirus Pro 2007?

Try This:Please download Rogue Remover Free from Malwarebytes.Please save the file to your normal saved file location or the desktopdouble click on rr-free-setup to run the installation programaccept the license agreement.follow all the steps and click finish to run the programClick the check for updates linkclick the scan link to start scanningwhen done, follow the onscreen directions to remove anything that it found.Let us know your results, please.

4 more replies
Relevance 79.13%

I appreciate any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:31 AM, on 8/24/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195) ( not up to date, I know)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\winnt\system32\dwdsrngt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\owinsmdt.exe
C:\HijackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank... Read more

More replies
Relevance 79.13%

hey. so somehow i seemed to of gotten some spyware or malware or whatever, but its really slowing my computer down and is not welcome. I keep getting pop-ups for different things, but the most common one seems to be WinAntiVirus Pro 2007. has anyone else run into this, and knows how to remove it? thanks

Answer:Infected By Winantivirus Pro 2007

WinAntiVirus Pro 2007 Removal Instructions For Windows XP/Vista

2 more replies
Relevance 79.13%

Could someone please help! I am currently infected with WinAntiVirus Pro 2007. I get multiple annoying popups from them, Jack9, Broadcaster, and other sites with very strange URL addresses.I have an HP Compaq Presario running XP (2002 version); service pack 2.I currently use MCAfee SecurityCenter that is from Windstream.net, AdAware, SpyBot, AdWatch 2007 and AVG Anti-Spyware 7.5No matter what I do, I cannot seem to get rid of this stuff. Here is my HiJack This log:Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 9:56:08 PM, on 7/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\arservice.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\LightScribe&#... Read more

Answer:Infected With Winantivirus Pro 2007

Welcome to the BleepingComputer HijackThis Logs and Analysis forum SteveHicks My name is Richie and i'll be helping you to fix your problems.Copy and paste the following bold blue text in the Quote box below into Notepad.Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.Then double click on the fix.bat file on your desktopYou'll see a black screen flash,thats [email protected] offsc stop DomainServicesc delete DomainServiceRestart your pc.---------------------------------------Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.When VundoFix re-opens,click the "Scan for Vundo" button.Once it's done scanning,click the "Remove Vundo" button.You will receive a prompt asking if you want to remove the files, click "YES".Once you click yes, your desktop will go blank as it starts removing Vundo.When completed,it will prompt that it will reboot your computer,click "OK".Post the contents of C:\vundofix.txt into your next reply.Note: It is possible that VundoFix encountered a file it could not remove.In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.---------------------------------------Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Doubl... Read more

7 more replies
Relevance 79.13%

I had the WinAntinvirus Pro 2007 bug and did repeated editing and cleaning. Did I clean it ALL out or any other spyware/malware/viruses/sicknesses/tuberculosis?? Here's my Hijackthis scan:Logfile of HijackThis v1.99.1Scan saved at 1:50:14 PM, on 6/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Prevx2\PXAgent.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\UStorSrv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Synaptics\SynTP\Sy... Read more

Answer:That Damn Winantivirus Pro 2007 !

Hey discorobRogueRemoverPlease download rr-free-setup.exe (by RubbeR DuckY). Save the file to your desktop.Double-click rr-free-setup.exe. RogueRemover will now be installed - OK the installation prompts. Once it has successfully installed click Check for updates. Download & install any updates.Click Scan. RogueRemover will now scan your computer for any rogue programs. Once it has finished click Remove Selected if it finds any. Please allow RogueRemover to submit the statistical data. Please can you then post a fresh Hijackthis log.

1 more replies
Relevance 79.13%

hi my boyfriend downloaded what i believe is spyware or a virus called winantivirus pro 2007 and 2006. he doesn't remember where he downloaded it from. he ran spybot search and destroy and avg anti virus and spyware and hijackthis and it removed some of the entries but it is still on my computer and it still has a folder there that will not remove ...... I also found a bunch of traces because when i ran search all files and folders you see like 74 traces in the spybot search &destroy recovery folder and it has several running when windows startups up . but i also see in the local c drive that it has 2 folders in it and i tried to delete them but but it will not leave and it is also has an icon of it stored in the control panel can someone please help me remove this spyware/virus please Thanks in advance

Answer:Removing Winantivirus Pro 2007

Hi, I suggest you try a scan of PC with SuperAntiSpyware in Safe Mode. If you can't access safe mode ,run from normal mode.If you were unable to access Safe Mode or it still exists then please follow these instructions.Preparation Guide for use before posting a HijackThis Log

5 more replies
Relevance 79.13%

Hi,
I have been infected. I can't seem to be able to remove.
I have run Ad-ware and AVG, but it is still on my computer.
thanks

------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:25:32 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\fkvfscts.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Quentin\Desktop\rapget136\rapget.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Prog... Read more

Answer:WinAntivirus Pro 2007 can't remove

7 more replies
Relevance 78.31%

2 days ago, I googled a site for used bookstore to check hours. EI collapsed and new window popped up - WinAntivirus. I thought it spelled trouble for i had heard about it at work, so i pulled the plug in about 20 seconds or less. the computer, needless to say, shut down.

I plugged it back in and powered up. Ran Spybot search and destroy - saw the file for WinAntiVirus pro 2007, but spybot just rolled right over it. It did list it as WinAnitvirus Pro 2007 and ErrorSafe. I hit "fix" button and it seemed okay. left for work. did not turn on computer yesterday.

today, i turned on pc and went to google. went to look at video, since never watched google video. Then google window collapsed and new window for ErrorSafe popped up.

Ran Spybot search and destroy. again, it came up w/ winAntiVirus 2007 and ErrorSafe. Hit fix.
Ran spybot again, it seemed to pass over the files, at least i saw it listed as spybot ran.

downloaded hijackthis and ran it. did not see anything, but i am not very tech savy at all. not sure what i am looking for.

Another site said to download and run vitrumudobegone. ran that. it did not find anything.

ran spybot again, saw file as it scann (WinAntiVirus pro 2007 & ErrorSafe.) but spybot did not list the files as cookies as it did before to fix.

I went to Microsoft and followed instructions per this link http://www.xp-vista.com/spyware-remo...l-instructions
I did not find any of the files the link... Read more

Answer:WinAntivirus 2006 / Pro 2007 and ErrorSafe

Hi marhaf, welcome to TSF..

best advice I can give is to read through the following thread as it advises on the steps to take before posting a Hijack This log file. If there are any traces of malware on your PC, our analysts will be able to advise how to clear them:
http://www.techsupportforum.com/secu...sting-log.html

Hope that helps

1 more replies
Relevance 78.31%

2 days ago, I googled a site for used bookstore to check hours. EI collapsed and new window popped up - WinAntivirus. I thought it spelled trouble for i had heard about it at work, so i pulled the plug in about 20 seconds or less. the computer, needless to say, shut down.

I plugged it back in and powered up. Ran Spybot search and destroy - saw the file for WinAntiVirus pro 2007, but spybot just rolled right over it. It did list it as WinAnitvirus Pro 2007 and ErrorSafe. I hit "fix" button and it seemed okay. left for work. did not turn on computer yesterday.

today, i turned on pc and went to google. went to look at video, since never watched google video. Then google window collapsed and new window for ErrorSafe popped up.

Ran Spybot search and destroy. again, it came up w/ winAntiVirus 2007 and ErrorSafe. Hit fix.
Ran spybot again, it seemed to pass over the files, at least i saw it listed as spybot ran.

downloaded hijackthis and ran it. did not see anything, but i am not very tech savy at all. not sure what i am looking for.

Another site said to download and run vitrumudobegone. ran that. it did not find anything.

ran spybot again, saw file as it scann (WinAntiVirus pro 2007 & ErrorSafe.) but spybot did not list the files as cookies as it did before to fix.

I went to Microsoft and followed instructions per this link http://www.xp-vista.com/spyware-remo...l-instructions
I did not find any of the files the link listed.

Went to McA... Read more

Answer:WinAntivirus 2006 / Pro 2007 and ErrorSafe

Hello and welcome to TSF.

Can you post the main.txt from Deckard System Scanner,it can be loacted at: C:\Deckard\System Scanner\main.txt

1 more replies
Relevance 78.31%

Hey Techguys!
Recently I found that a virus called WinAntiVirus 2006 & WinAntiVirus 2007 has infected my computer. Im not quite sure if that is one virus, or 2 separate ones, but i DO know that whatever it is, its not supposed to be there. I have used numerous Anti-Spyware programs, some of which seem to have helped a little (some not at all), and some which help me detect, but not remove various viruses.
So far, i have seen these programs have been recommended, so i tried them:
Counter Spy
Prevx 2.0
EagleEye OS Control Center
ParetoLogic Anti-Spyware
Avg Anti-Spyware 7.5
RogueRemover
WinFortress
& since i found you guys..
HiJackThis
SUPERAntiSpyware

I have read many Internet sites and posts and your moderators seem to be the only ones that know what theyre talking about and producing results!

I thought i had removed all of the threats, because i have regained control of my computer using the virus removal programs and an application called "xp_secconsole" which i think i retrieved from someone else's posts on this same topic (possibly from MFDnNC, who deserves a for being so helpful, wether he knows it or not.)
The ParetoLogic (free version) has detected that i still have these problems after running all of the above mentioned programs...
grokster
winantivirus pro 2006
winantivirus pro 2007
ibis/hunt toolbar
viewpoint
Live365 cookie

Is there any way to remove these??!!?? I have done EVERYTHING that the other posts on this issue have said and ... Read more

More replies
Relevance 78.31%

This keeps flashing up now and then:



This is my HJT log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\**********\Start Menu\Programs\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe



I can't see anything there that relates to this problem, can anyone help?

Thanks

Answer:winantivirus pro 2007 pop-up, help needed, HJT Log inside.

Hello Lostnumber,

Please post the log once more, being sure to include the header information.

5 more replies
Relevance 78.31%

I have read several posts on how to remove this malware and have tried everything. Symantec and AVG both p to date, scanned, and cleaned. I have tried running VirtumondoBeGone, VondoFix, and ComboFix. I attempted to follow the steps outlined on Symantec's site on how to remove this, but some of the files it wanted me to delete were not found. Currently, AVG runs a clean scan, but I still get the little Windows looking shield icon in my system tray with the popup balloon. Here is a HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:41:04 PM, on 4/30/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\windows\system\hpsysdrv.exeC:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exeC:\WINDOWS\System32\hphmon05.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\LTMSG.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\m... Read more

Answer:Trouble Removing Winantivirus Pro 2007

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download SmitfraudFix (by S!Ri) to your Desktop.Double-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

3 more replies
Relevance 78.31%

HI frinds !

I am not able to open my yahoo mail, gmail, orkut though other mails( rediffmail) r proper. I dnt know what to do. Some friends have sent their HJT log. Help me how to send that to you for further action..I am in great trouble !

THanx !

Regards !!
Brad

Answer:Winantivirus Pro 2007...help Not Able To Open My Mails

Winantivirus Pro 2007 is likely put on your computer by Vundo. After using Super Antispyware and it identifies Vundo use the Vundofix tool.Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html--------------------------------------------------------------------------------Vundofix tool in link below:http://www.atribune.org/content/view/24/2/Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------How to Start Windows in Safe Mode:http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

3 more replies
Relevance 77.9%

I'm trying to get the results of Access queries to be linked to an Excel workbook. I've been using the Data tab in Excel, clicking the "From Access" button in the upper left, and choosing the Access database. Then it asks what query I want to link.

The problem arises when I try to link a specific query, which we'll call qry_x. This query is based on several other queries, one of which is qry_z. Frustratingly, when I try to link qry_x to the Excel workbook, I get an error message that says that Access can't find qry_z, and suggests maybe I spelled the name incorrectly.

However, qry_z definitely exists as part of the database, and when I run qry_x (which is based on qry_z) in Access, the correct results are displayed with no error.

Note: qry_x is the only query this is happening to. I can link any other query with no problem at all, including qry_z!!!

What could be going wrong?

Thanks in advance.
 

Answer:Solved: Access 2007 / Excel 2007 - Linking to a database

16 more replies