Spyware Removal

This looks like a pretty fast and knowledgeable forum so I am posting for help. I keep getting new browser pop-ups while online. Also a spyware program automatically was installed on my PC. I removed the program (using Add/Remove Programs in the Control Panel) but I am still getting pop-ups. I used Ad-Aware and removed the infections but when I rerun a scan they are still present. Any help on fixing these would be helpful. Thanks in advance. For time's sake, below is a HijackThis log if it helps.


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 1:46:32 PM, on 01/12/2009


Platform: Windows XP SP3 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\Network Associates\Common Framework\FrameworkService.exe


C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Program Files\Viewpoint\Common\ViewpointService.exe


C:\Program Files\UltraVNC\WinVNC.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE


C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe


C:\WINDOWS\system32\ctfmon.exe


C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE


C:\Program Files\Network Associates\VirusScan\Mcshield.exe


C:\WINDOWS\system32\rundll32.exe


C:\WINDOWS\system32\rundll32.exe


C:\Documents and Settings\xxxx\Desktop\Unused Desktop Shortcuts\Mozilla Firefox\firefox.exe


C:\Program Files\Network Associates\VirusScan\scan32.exe


C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe


C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE


O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


O4 - HKLM\..\Run: [d4b3e524] rundll32.exe "C:\WINDOWS\system32\ybofuigp.dll",b


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL


O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx.INTERNAL


O17 - HKLM\Software\..\Telephony: DomainName = xxx.INTERNAL


O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx.INTERNAL


O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxx.INTERNAL


O20 - AppInit_DLLs: kflynk.dll


O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe


O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe


O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe


--


End of file - 5112 bytes

Comments

  • I just removed some program that was also misc. got installed called shopping reports. But I am still getting the same 6 Virtumonde malware infections in my Ad-Aware scan. The problem still seems to have ceased.. for now

  • miekiemoes
    edited January 2009

    Hi,


    I have already answered your log somewhere else. It appears that you have started this same thread at a lot of different forums. This is confusing for the people who are helping you and actually a waste of time since many helpers will now analyze your log while someone else is already helping you.


    That's why it may be a good idea to post in the other forums that you are already receiving help. Thanks :)


    extra note...


    Also not sure why you have posted this in the Bitdefender forums since you don't even have Bitdefender installed.. :unsure: