Spyware Removal

This looks like a pretty fast and knowledgeable forum, so I am posting for help. I keep getting new browser pop-ups while online. Also, a spyware program was automatically installed on my PC. I removed the program (using Add/Remove Programs in the Control Panel) but I am still getting pop-ups. I used Ad-Aware and removed the infections, but when I re-run a scan they are still present. Any help on fixing these would be helpful; thanks in advance. For time's sake, below is a HijackThis log if it helps.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:32 PM, on 01/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\xxxx\Desktop\Unused Desktop Shortcuts\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [d4b3e524] rundll32.exe "C:\WINDOWS\system32\ybofuigp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx.INTERNAL
O17 - HKLM\Software\..\Telephony: DomainName = xxx.INTERNAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx.INTERNAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxx.INTERNAL
O20 - AppInit_DLLs: kflynk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 5112 bytes

Comments

  • I just removed some program that was also misc. got installed called shopping reports. But I am still getting the same 6 Virtumonde malware infections in my Ad-Aware scan. The problem still seems to have ceased... for now.

  • edited January 2009

    Hi,


    I have already answered your log somewhere else. It appears that you have started this same thread at a lot of different forums. This is confusing for the people who are helping you and actually a waste of time since many helpers will now analyze your log while someone else is already helping you.


    That's why it may be a good idea to post in the other forums that you are already receiving help. Thanks :)


    extra note...


    Also not sure why you have posted this in the Bitdefender forums since you don't even have Bitdefender installed.. :unsure:
