
Help With url.cpvfeed.com Persistent Virus

Q: Help With url.cpvfeed.com Persistent Virus

Hello, I am having a big problem with the url.cpvfeed.com virus; I just can't seem to get rid of it.
I have tried everything to get rid of it. Can anyone help me out?
Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:52 AM, on 3/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\viewport.exe
C:\WINNT\Updreg.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINNT\system32\desk95.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Kevie Poo\Local Settings\Application Data\Trend Micro\HCMS\tsafe\en-US\tgui.exe
C:\Documents and Settings\Kevie Poo\Local Settings\Application Data\Trend Micro\HCMS\tsafe\en-US\tgsvc.exe
C:\Documents and Settings\Kevie Poo\Local Settings\Application Data\Trend Micro\HCMS\FLock\en-US\FLMain.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\Documents and Settings\Kevie Poo\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {e39ec403-05f2-409f-ae26-b5f4029a5ad4} - C:\WINNT\system32\geaript.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Documents and Settings\Kevie Poo\Local Settings\Application Data\Trend Micro\HCMS\FLock\en-US\FLMain.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\System32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173539051921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4980/mcfscan.cab
O20 - Winlogon Notify: geaript - C:\WINNT\SYSTEM32\geaript.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)


Logfile of HijackThis v1.99.1
Scan saved at 11:10:34 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WIN...

A:Cpvfeed Virus

Welcome to BleepingComputer njdevils078

Can you rescan with HijackThis and post the whole log please, you've only posted half of it.


Somehow or another, I am getting this popped up.

http://url.cpvfeed.com/cpv.jsp?p=11...selectedKeyword=ron&selectedListingId=6250292

Luckily, Google blocks this site from being opened. It is quite annoying and I've been picking at this for days now. I have determined it is not something that is running in the background, it is integrated with Internet Explorer some way. I have IE7 and Windows Vista. I have disabled every "addon" program there is and still I am getting this. I am hoping that the exe file was not hacked.

Here is my hijack log... be advised, I renamed the exe file to toby.exe so the virus will try not to detect the program running (Toby is name of my cat)

Anyways, here's a go at the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:02 PM, on 4/6/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Adobe\Acr...


Hi,
My computer has been infected with the cpvfeed virus. I am running Windows XP/SP2.
I have pasted a Hijack This log below.
I'd appreciate your help in getting rid of this annoyance.

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:54 PM, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware ...

A:cpvfeed virus

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by ...


I have successfully kept my computer clean for almost 2 years.... until 3 days ago. I began to notice green "Sponsored Links" in the text of my web pages. Then I started to receive advertisement web pages... some when I just booted my computer. Internet Explorer launched itself and went to an advert page. I already use Stinger, Norton, Adaware, and Spybot on a weekly basis. I also have a BlackIce firewall. I've run these all both in regular Windows as well as in safe mode. I've enlisted the help of Spyware Doctor and Trend Micro, but to no avail! However... SpyWare Dr. DID reveal that the pop up web pages are coming from url.cpvfeed.com. I did some research that landed me here. I know several others have asked and received excellent advice, but it seems so individualized that I thought it best to start my own thread. I'm fairly computer literate and can follow your excellent directions. What now?
 

A:cpvfeed virus


I have ads popping up left and right. I have the stupid 'cpvfeed' virus. What do I do?

Logfile of HijackThis v1.99.1
Scan saved at 9:58:29 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Dustin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway...

A:Please help...cpvfeed virus.


I need some help guys... I have been getting these popups like a lot of people have and I think the first step is for me to download hijackthis and give the log file... so here it is! I really hope somebody can help me!!! Thanks in advance!
Logfile of HijackThis v1.99.1
Scan saved at 6:41:28 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-...

A:URL.CPVFEED Virus!!!

Hi, Welcome to TSG!!
Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
 


I have some sort of cpvfeed virus and it keeps making pop-ups appear

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 10:02:53 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Network Associates...

A:Cpvfeed Virus

Hello,

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


If someone can please help me with this pop up problem plus if you notice any other problems I would appreciate that too. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:22 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1102968455\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Quic...

A:Someone help with url.cpvfeed.com virus

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
=================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it ask...


hi, i know a few have already had problems with this virus and i have read the threads, but i figured that all each solution was tailored to each pc, so i thought i'd send your team my HJT log. Weird thing is, i was getting the warning messages only 10 mins ago from trend, but it just updated itself and im no longer getting them. but i want to make sure the virus is completely gone. thanx in advance greatly for your time and help

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:06:35 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB 2.0 Flash Drive Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Trend Micro\In...

A:cpvfeed virus

Hi and welcome to TSG,
There are still some problems in the log however, before we continue, please move HijackThis into a separate folder of its own in program files or my documents but not in the temporary files, so that it can create proper back-ups which can be restored, if necessary. Then post a new HijackThis log.
 


Hi, my computer is infected with some spywares and/or viruses. I have already tried hints I find in some of the topics here, but with no success. It opens IE windows randomly with advertising contents. I tried AVG scan, which found the spywares, but could not disinfect them.
I hope you can help me.

Thank you

Paulo
 

A:Problem with virus cpvfeed


Three weeks ago IE windows started opening automatically. I have gone through various virus scans and fixes but it's still an issue. This is a copy of my last HijackThis log, any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:21 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.e...

A:cpvfeed other virus issues???? Help Please

Hi, Welcome to TSG!!
Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
 


Hi --

I've got a cpvfeed virus on my laptop. I've run my Symantec Anti-Virus but the virus won't go away. When I'm connected to my company's VPN, our internet filter catches it and blocks it -- this is the URL that I got when I came to your site:

http://url.cpvfeed.com/cpv.jsp?p=110441&url=http://forums.techguy.org/register.php&default=http://85.12.25.95/trafc-2/rfe.php?cmp=dun_mg_fail&url=http%3A%2F%2Fforums.techguy.org%2Fregister.php&lid=%26url%3Dhttp%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fads%3Fclient%3Dca-pub-8168439598877194%26dt%3D1152119162101%26lmt%3D1152119162%26format%3D728x90_as%26output%3Dhtml%26channel%3D2932987476%26url%3Dhttp%3A%2F%2Fforums.techguy.org%2Fregister.php%26color_bg%3Dffffff%26color_text%3D000000%26color_link%3D0000ff%26color_url%3Dff6500%26color_border%3Dffffff%26ad_type%3Dtext_image%26ref%3Dhttp%3A%2F%2Fwww.techguy.org%2Fwelcome.html%26cc%3D100%26u_h%3D768%26u_w%3D1024%26u_ah%3D740%26u_aw%3D1024%26u_cd%3D32%26u_tz%3D-420%26u_java%3Dtrue%26nid%3Dmc

Can you help me get rid of this thing? It's driving me crazy!

Thanks,
Bella
 

A:Help with cpvfeed virus needed


Hi, I'm glad I found your site. I seem to have the cpvfeed virus (maybe something else as well). I hope you can help. I'm running on Windows XP. Here's the HJT Log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:21:01 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Progr...

A:Solved: cpvfeed virus


I have some sort of cpvfeed virus and it keeps making pop-ups appear

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 10:02:53 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\P...

A:Solved: cpvfeed virus


please find enclosed as an attachment file...my hjt log file.
could you please tell me of any problems.
thanks
the gooner
 

A:Solved: cpvfeed virus....


Looks like they got me. I have recently been getting huge amounts of pop ups coming from cpvfeed in IE. I ran virustotal scan on some files and found that I'm infected big time. I also ran HijackThis and here are those results... Any other scans/programs I should use please let me know and help rid me of this crap

virustotal scan on system32\core.sys
AhnLab-V3 2007.5.16.1 05.18.2007 Win-Trojan/Rootkit.72320
AntiVir 7.4.0.23 05.18.2007 RKit/Agent.EQ
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 Win32:Agent-GJD
AVG 7.5.0.467 05.19.2007 BackDoor.Generic6.ECS
BitDefender 7.2 05.19.2007 Rootkit.Agent.CL
CAT-QuickHeal 9.00 05.18.2007 Rootkit.Agent.eq
ClamAV devel-20070416 05.19.2007 no virus found
DrWeb 4.33 05.19.2007 Trojan.NtRootKit.239
eSafe 7.0.15.0 05.17.2007 no virus found
eTrust-Vet 30.7.3644 05.19.2007 Win32/Tesllar.A
Ewido 4.0 05.19.2007 Rootkit.Agent.eq
FileAdvisor 1 05.19.2007 no virus found
Fortinet 2.85.0.0 05.19.2007 W32/Agent.EQ!tr.rkit
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 Rootkit.Win32.Agent.eq
Ikarus T3.1.1.7 05.19.2007 Rootkit.Agent.CL
Kaspersky 4.0.2.24 05.19.2007 Rootkit.Win32.Agent.eq
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.19.2007 no virus found
NOD32v2 2277 05.18.2007 Win32/Rootkit.Agent.EQ
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.19.2007 Rootkit/NTRootkit.AJ
Prevx1 V2 05.19.2007 TROJAN.AGENT.GEN
Sophos 4.17.0 05.18.2007 no virus found
Sunbelt 2.2.907.0 05...

A:Solved: Cpvfeed virus help

RELEVANCY SCORE 50.8

Hi, Just wanted to drop a Thank You for your help with that problem. I followed the steps outlined and also read other messages here. I no longer have that pain. Thank you much, Cameron
 

RELEVANCY SCORE 50.8

So I have the dreaded cpvfeed virus on a few-years old Dell, running Windows XP Home. Here is the log from Hijack This:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:41:31 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Yahoo!\...

A:Yet another cpvfeed virus post

Hi, Welcome to TSG!!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

 

RELEVANCY SCORE 50.4

Hey, this is my log. I've used multiple antivirus and scanning programs and it still can't detect it. I know I've deleted some files also, just letting you guys know. Please help. Thanks

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:14:24 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Mic...

A:Solved: annoying cpvfeed.com virus can someone please help me?!!?! my log is there

RELEVANCY SCORE 50.4

Hi -

I picked up the CPVFEED virus and possibly other viruses too. I am running WinXP Home edition SP2 on an eMachine running Trend Micro Internet Security PC-cillin 2007 version 8.32 (set at medium protection when I got infected, now at maximum). Symptoms of infection are:
- a much slower running machine
- a new IE window created every few minutes trying to reach the CPVFEED site (but it's blocked so it fails)
- I normally use Firefox version 1.0 and once in a while my current webpage is redirected to another one without me doing anything (redirected to virus protection websites, others).

I downloaded Hijackthis and the log of a run is below. Please help in helping me to clean up my machine. If I need to include any more information please let me know. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:38:26 AM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\...

A:Solved: Help with CPVFEED virus (and possibly others?)

RELEVANCY SCORE 50.4

I need help on how to get rid of this annoying cpvfeed virus where ads keep popping up!! I ran a bunch of anti-spyware software but nothing works. I would greatly appreciate any help! Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:27:41 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\{C8ABED28-069E-1033-0314-020105290001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent...

A:Solved: Need help getting rid of cpvfeed virus - have hijackthis log

RELEVANCY SCORE 50

Hi everyone,

I've got a persistent issue on my PC. I have had no help from Microsoft, McAfee, Norton, or the following tools which I have tried: LavaSoft's Adware, Spybot, CCleaner, Prevx1, TrojanHunter, or Spyware Doctor.

The issue began with odd sites popping up. It escalated with the inability to open any folders without an explorer.exe error, and a lot of viruses showing up in McAfee.

I got the machine booted into Safe Mode, ran all of the above tools (including HiJack This), and have gotten the machine to boot again. Unfortunately every time I load IE for any purpose, while Spyware Doctor is catching the infections as they occur, my machine is continually trying to pull down malicious code from winantivirus.com, url.cpvfeed.com, 85.17.3.250, etc. They are bunches of random applications, including trojan.downloader.hookcon.

I've followed every set of instructions out there I can find. I've deleted every key using HiJack This that appears to be an issue. The PC is still trying to download malicious code every minute or so. Unfortunately I work from this PC and I am a small business owner, so this has created a work stoppage for me. I've pasted my log file for HiJack this, and would appreciate any help anyone can give!!

Thank you..
Dani

Logfile of HijackThis v1.99.1
Scan saved at 8:49:27 PM, on 3/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss....

A:Persistent Virus, url.cpvfeed.com, no luck with any software

are you using windows xp with the restore feature? let me know and i will tell you what i did with all those so called viruses. fmartinis
 

RELEVANCY SCORE 50

I'm frequently experiencing IE popping up with http://url.cpvfeed.com website, and many others. (I'm working in Firefox). Can you help me remove this?

My laptop is HP Pavilion, and I'm using Windows XP Home edition.

This is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:18:28 PM, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iT...

A:cpvfeed popup virus - hijackthis included

RELEVANCY SCORE 49.6

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica...

A:Persistant virus

Hi,
sorry for the delay here are the contents of the log files in order please note I did not run combo fix because everything was Chinese
 
 
# AdwCleaner v3.017 - Report created 14/01/2014 at 16:32:35
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Admin - EPICMINECARTZ
# Running from : C:\Users\Admin\Documents\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : fe885e3d
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\ProgramData\SoftWarehouse
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\ProgramData\grreatusavera
Folder Deleted : C:\ProgramData\GrtSCouponApp
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\grreatusavera
Folder Deleted : C:\Program Files\GrtSCouponApp
Folder Deleted : C:\Users\Admin\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Admin\AppData\Local\torch
Folder Deleted : C:\Users\Admin\AppData\Local\vghd
Folder Deleted : C:\Users\Admin\AppData\Local\webplayer
Folder Deleted : C:\Users\Admin\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Admin\AppData\LocalLow\somotomoviestoolbar1
Folder Deleted : C:\Users\Admin\...
RELEVANCY SCORE 49.6

Hello,

Yesterday my computer was attacked by the S.M.A.R.T virus, complete with the System Write Fault error boxes flooding the desktop and all of my programs being hidden, and thus far all of my efforts at getting rid of it haven't worked. I am not by any means a computer expert, but I did follow the guide for removing this virus and have so far really only succeeded in being able to unhide my icons. I do not really know how much information is needed to assist me, so I will simply give all that I have available to me.

I was able to get into Safe Mode with Networking without difficulty, and was able to download and run RKill, but it did not find any malware. It might also be important to note that the pop-ups have not happened in Safe Mode, though the icons were still hidden originally (I have since unhidden them.) I read of a similar situation in a different forum topic where the person helping stated that in cases like that they would need a closer look, so I am hoping that this post will allow that. I also ran an updated Malwarebytes full scan and found three infections, though it does not appear that Malwarebytes is able to fully remove them. I have Removed Selected multiple times after running this scan multiple times, in both Safe Mode and normal mode, though occasionally Malwarebytes finds nothing at all. I also ran a TDSSKiller scan and found nothing, though that was sort of what I expected since I have had none of the google redirecting problems mentioned.

I h...

A:S.M.A.R.T virus being very persistant

Hello again,

Naturally, I only managed to make any progress removing the S.M.A.R.T virus after posting on the forum asking for help. I am remaining skeptical that the issue is fully resolved, but upon restart I am no longer flooded with message boxes, nor is there any false security alert. I ran hitman pro in safe mode and it appears to have removed the infection, as further scans of both hitman pro and malwarebytes, as well as Rkill in normal mode, have shown nothing (which is a new development.)

I realize that this is well before the estimated time by which I should expect anyone to respond to my post, but I wanted to update you on the situation prior to someone beginning helping me. I will continue to run scans to make sure that everything is in fact ok, as I suspect I may not have fully managed to kill this virus, and any help in that regard would be appreciated.

RELEVANCY SCORE 49.6

I have cleaned my computer both in normal and safe mode with Ad-aware, Spybot and Norton Antivirus but cannot get rid of a virus called Trojan.Elitebar...Norton tells me in a pop up that it has automatically deleted it but it comes back sometime later!!....any clues?
 

A:Persistant Virus!!

Please click on this site for full information on this pest and how best to remove it

http://securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html

And Happy Birthday for Saturday !!!
 

RELEVANCY SCORE 49.6

I got a virus the other day and have run many different programs to try and fix it. It keeps making pop ups saying that I have a virus and to download this program to fix it.

I've ran SB S&D, VundoFix, Avenger and SuperAntiSpywarePro but it is still making some popups. Help please!

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:46 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\P...

A:Persistant Virus

Hello diablo1903,

Some serious infection loaded there. Let's get some more details then start from repairs from that view.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also, the second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
 

RELEVANCY SCORE 49.6

Hey there, my CPU load usually sits about 0-1 percent idle; when I open Task Manager it's at 40-60 and instantly drops to 0. Also, the computer runs slow, and imminent, conduit etc. keep reappearing every week after manual removal. Which programs should I run? AVG finds nothing at all. Cheers

A:Persistant virus?

Farbar Service Scanner Version: 13-09-2013
Ran by Michael (administrator) on 15-10-2013 at 01:49:21
Running from "C:\Users\Michael\Desktop\Tools\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============

Firewall Disabled Policy:
==================
System Restore:
============

System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-11 01:24] - [2013-...
RELEVANCY SCORE 49.6

Right ho, a few days ago I quite stupidly chose to open a program that I wasn't sure whether it was safe or not and lo and behold am now infected with a virus which AVG picked straight up on and then caused my computer to restart itself (luckily I wasn't in the middle of anything important at the time). I'm getting various 'Threat Detected!' messages, generally about 5 or 6 if I'm online for 2 hours. I've been moving these to the Virus Vault and the majority of them are in my Temporary Settings and say 'Virus found Lop'.

I've done around 20 virus scans in the past few days and it looked as though I'd got rid of it but when I logged on today the messages are coming back again and I am noticing little things wrong such as popups whenever I use Internet Explorer trying to get me to install various spy and malware removal packages, as well as things running just that bit slower than usual and I also had a small problem that I couldn't connect to any wireless networks around the other day (and as that's the only way I can get online without freezing to death in our conservatory it's a bit of a pain)

Help getting rid of this bugger would very greatly be appreciated as I use my laptop to do online shopping and the like a lot and I'm now exceptionally paranoid about it. =(

Here's my hijack this log, hope you can help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:29, on 08/03/2008
Platform: Wind...

A:Help with persistant virus

Thanks for the lack of replies. =/

Just to let you know I got a new laptop for my birthday so this one is just being formatted and sold on now. So I don't need the help any more.
 

RELEVANCY SCORE 49.6

I've got a virus that I can't shift. It appears to be in the system restore area. I've run Adaware, S&D and AVG which has removed a lot of junk.

Could someone have a look at the log and tell me what to zap to remove the virus?

EDIT - Internet access (cable) is also being blocked by something.
Logfile of HijackThis v1.98.2
Scan saved at 23:08:49, on 20/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\APPS\ACTIVBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\APPS\SENSIVA\SENSIVA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\APPS\ACTIVBOARD\TRAYMON.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\APPS\ACTIVBOARD\OSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\SECURITY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.co.uk/search
R0 - HKCU\Sof...

A:Persistant Virus

Turn off system restore by following instructions here

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.
THEN
Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked
F1 - win.ini: run=c:\windows\system\pixel32.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /nocomm
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [ASHLT] C:\WINDOWS\Ashlt.exe
O4 - HKLM\..\Run: [Mmgsvc] C:\WINDOWS\mmgsvc.exe

O4 - HKCU\..\Run: [Mmgsvc] C:\WINDOWS\mmgsvc.exe

O12 - Plugin for .pdf&rank=3&source=AstWebSearch&searchType=MS&partner=Google&query=Zambezi+River+Authority,+Kariba*: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide prote...
RELEVANCY SCORE 49.2

I have this same problem and am also curious to know what, if anything, can be done

//Mod edit: This post split from HJT log here

A:Persistant Virus Alert Pop Up

See this post "Preparation Guide For Use Before Posting A Hijackthis Log." Instructions for receiving help in cleaning your computer."

RELEVANCY SCORE 49.2

I have been working on this PC for days and I can't seem to get the malicious file to stay out. I've run hijackthis, smitfraud fix, avira AV, spybot & AVG antispy. It always finds files, deletes them and after reboot ....files return with a vengeance. I'm running out of ideas.... Please help !!!!

A:Persistant Malware/ Virus

Run a full system scan with your anti-virus and post the log back here.

RELEVANCY SCORE 49.2

I am having difficulties with my computer, that are becoming increasingly frequent and very annoying. Help me please.

I am unable to run Spyware Doctor because it is unable to update. I am unable to do a Windows update, as it takes me to msn.com instead.

I have constant popups, with popups within popups. My Google tool bar has disappeared. When clicking on a link from one page, I am either taken to a completely different page, the page refuses to load, or parts of it load and parts have a 404 error message.

I am unable to use my wireless connection.

I have tried many of the online cleaners. Some I am unable to even run or download. Others when run detect no viruses.

Malwarebytes always finds the following problems,

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.167 85.255.112.187 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53e9fa2f-6f10-400f-93e1-30a6b9b751b2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.167 85.255.112.187 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89f7a904-3daf-4f4c-8ba6-e7d18766c3a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.167 85.255.112.187 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\S...

A:Need help with persistant trojan/virus

Hi Welcome to TSG!!

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it ...
RELEVANCY SCORE 49.2

Hi
I am seriously hoping that you can help us, my husbands pc got this pop up window 2 days ago saying that he had infections and trying to steer us to purchase their software
we ran AVG, A2 both found nothing
we then ran spybot search and destroy, which said that it found a few things and dealt with them but still it did not rid us of it
we have since ran Ewido and adaware se, still to no avail
we have followed instructions re: performing the scans in safe mode, they all say that they have found stuff and that they have removed it but none of it is this spyware quake that we are plagued with
one of the programs we were recommended to try was smitrem, we did and are now not sure this was good as other programs see it as potential risk??
on every boot up we get a windows installer box, if we click cancel then the spywarequake 2.0 program does not install itself but we still get the pop up window saying we are infected.
windows defender has detected this program trying to change autostart/runkeys and has said it has blocked it but still we are plagued.
have ran an activescan and its report is as follows
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Ky McKenzie\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Ky McKenzie\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfe...

A:Persistant Virus Alert Pop Up - Pls Help

Hello,

* Download Roguescanfix from here:
http://www.martijnc.be/tools/roguescanfix.exe
Download it to your desktop.
Doubleclick roguescanfix.exe
Click the 'install' button.
This will create a new folder on your desktop called Roguescanfix.
Open that folder and click: Run.bat
This tool needs internet connection so it can download an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
Let the tool perform its job.

Let me know if that solved the problem.

Hi there, thanks in advance for taking the time to look this over and hopefully help me out.

I'm pretty sure all this started after downloading a torrent yesterday. Since then my comp has been running incredibly slow and I can't open explorer without getting pop-ups, including ones that want me to download "anti-spyware" apps and then the page I'm trying to view never even loads. I've run Norton multiple times and it never comes up with more than a tracking cookie. My OS is Windows XP Home. Here are my logs:

ComboFix 08-05-09.1 - Owner 2008-05-09 21:10:38.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.604 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hkjmijxj.ini
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\wGMSuBeg.ini
C:\WINDOWS\system32\wGMSuBeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 12:31 . 2008-05-09 12:31 2,048 --a------ C:\WINDOWS\system32\ejospqar.exe
2008-05-09 12:28 . 2008-05-09 12:28 133,120 --a------ C:\WINDOWS\system32\caelbniw.dll
2008-05-09 12:24 . 2008-05-09 16:33 109,816 --a------ C:\WINDOWS\BM73a39b55.xml
2008-05-09 12:22 . 2...

A:Persistant malware, probably virus

Just an update:

Since my comp is running so slowly I used another comp on the network to post my logs. This one has been infected also, I'm assuming because I used the network to get my logs from the other computer. Pop-ups were coming up like mad, task manager was disabled, and my desktop image was changed with a link to a spyware scanner site. I ran ComboFix and now everything seems to be back in working order on this comp, but the one the above logs pertain to is still infected. One file that jumped out to me that was deleted was mrofinu17.exe. Here's this computer's logs:

ComboFix 08-05-09.1 - Natalie 2008-05-10 14:02:11.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -7:00]
Running from: C:\Documents and Settings\Natalie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Natalie\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Natalie\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Natalie\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle...

Hey there, I have had a persistent audio virus which runs audio commercials in the background nearly every time I have internet connection. I have had this virus for several months now and I'm beginning to lose it. I have run Avast as well as other various softwares and none have identified the culprit. I am not entirely savvy with computers so bear with me, I know you'll ask for log reports etc. but I'm not sure how to uncover those. Any help would be wonderful, thanks.

A:Persistant audio Virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Hello again,

Not too long ago I'd written to your team concerning a problem on my system. It's a tricky virus which seems difficult to kill off, its process tree name is 3HFr37wd.exe. I had posted the hijackthis log and your team had me 'fix checked' on a particular item. It provided temporary relief (aka you guys nailed the problem file) however it seems to be respawning itself after being done away with. I'm curious to know if you guys can help me figure out the source that's causing this virus to regenerate itself. Last time I'd rebooted my system and posted the lengthy hijackthis log, (usually after reboot I close down all unnecessary process trees leaving a very small list behind), and from deductive reasoning I know one of these few process trees is the problem file regenerator -- so I'll just post the current running hijackthis log (in other words: I'm going to run a hijackthis log now and post it, it's a small list that doesn't include nearly all the startup processes, one of which is an infected/malicious file)

The file that causes the problem that you guys had me fix was:
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\t55RwbWD.dll

something from the following list seems to be respawning it after correction:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:12 PM, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7...

A:Persistant Virus / Malware (3HFr37wd.exe)

I have already offered to help you here:
http://forums.techguy.org/malware-r...s/754879-acrord32-exe-3hfr37wd-exe-virus.html
 


Hi guys,

I know there are several threads on this virus already, but I would appreciate your individual attention. I have tried the solutions on those threads and have not had any success yet.

When I use google on either Firefox or IE I get redirected to shopica or topdaofinder or toseeka (?), or some other variant. I noticed while trying to load one of these sites at the bottom it says trying to connect to googlesearchserver.net. Not sure if that's normal. I thought google search server was called something else?

I've run Spybot, Adaware, Malwarebytes, ComboFix, Anti-Puper and some other stupid anti-malware demos not worth mentioning. I'm also trying this paretologic virus scan right now, but I don't have my hopes up.

Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:18 AM, on 7/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\ico.exe
C:\Program Files\HP\HP Software Update\hpwuS...

A:Persistant Google Redirect Virus

Just giving a bump, I was on page two already. Dang, a lot of people seem to be having this problem.
 


I've had a problem with a group of viruses for a while now. I'm using SUPERAntiSpyware and Malwarebytes to get rid of these infections but they keep coming back every few restarts. Same old routine: Windows Defender pops up with a message about a virus called hiloti I think, I remove it, run SUPERAntiSpyware and Malwarebytes and they find between 30 and 40 other infected items, I'll remove them, some of them are files in my system folders which ends up causing problems with Windows activation, I run sfc /scannow in command prompt which solves the problems for a while at least, few restarts later and it's all back.

Here is my HJT log just before I removed them using SAS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:23, on 15/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Li...

A:persistant virus/malware problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

Hi,

I am trying to fix a friend's computer and the viruses/malware problems keep coming back.

I have run Norton AV, run the Trend Micro online scan, run spybot S&D and run vudofix etc and hope I have cleared the problem. The viruses/malware found by these programs are Vundo, trojan.pathep!inf, mediaticket, purityscan

I would be grateful if you could check my HJT log and let me know if any other problems exist. The computer is running quite slow, so something may still be there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:49, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Fil...

A:Persistant Virus/Malware problem

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ...

I have had the most fun you can have with a PC without it blowing up in the last two weeks. I have a series of trojan, viri, spyware working in tandem that I can't get rid of. I have tried and am still using Malwarebytes, DrWeb, Avast, 360, a program from this link
http://inspiration.nyp.edu.sg/Virus.html
Advanced System Care, rkill, and a few others, ComboFix among them. The virus returns soon after cleaning,
inserts itself in a win 32 location, this allows Firefox to be hijacked, as it uses the service host, i.e. the antivirus says the location of the infection is c:\windows \system32svrhost.exe, and points to an object with a mile long tag, to do its evil. When Firefox is redirected it goes to 199.80.55/go-php?
and then loads a random page. I can overcome this eventually by removing recent history and retyping my Google search, but all of this is in vain because within minutes it's back.
The trick is that it uses Firefox to start the reaction. Can anyone suggest a way round this little sucker?
Much appreciated that you have read this. By the way, I have MWB reports if anyone wants to see them.

A:persistant virus ,spyware ,trojan

Hi, welcome to TSF. Please head straight over to here http://www.techsupportforum.com/f50/ and do the first steps before posting
http://www.techsupportforum.com/secu...oval-help.html
They are busy over there so be patient, someone will get to you. If you have any problems with any required steps, move on and make note in your post.

[EDITED TO INCLUDE EXACT WORDING OF MESSAGE]

I came to the forum and made this thread to describe my problems. Recently, it has gotten worse, and Sashacat directed me here. The latest issue is that I cannot access Safe Mode. Whenever I start my computer, it takes me to a black screen with white font similar to the boot screen. If I press F1, it does take me to the Windows XP loading screen, but I am concerned that pressing F1 is activating something that might be harming my computer. Pressing F8 does not work. It won't take me to the screen that gives me the option of going into Safe Mode, just the strange Phoenix Systems screen. There is an image of what appears to be a ribbon to the left of the first two lines, but this is what it says:

"Phoenix - Award WorkstationBIOS v6 . 00PG
Copyright ? 1984-2003, Phoenix Technologies, LTD
Diskette drive 0 seek failure
Press F1 to continue, F2 to enter SETUP"

I am concerned.

Also -- my computer won't let me unzip the GMER file. Usually, this happens automatically for me, but it is not. I am sorry if I'm not supposed to post here if I don't have the GMER log too, but I wasn't sure what to do. If I can't unzip it, is there another way to get access? I run Malware every few days, and each time, I have an infection (or three). It seems to be the same infection, but it always has different names, hence why I can't identify a single one. I know when I have it because I will open Firefox and the page will load as "Untitled" with a blank screen. If I ...

A:Persistant Malware, cannot identify single virus.

Hello Kitties my name is Sempai and welcome to Bleeping Computer.

* We apologize for the delay. Forum have been busy.
* Please stay with me until I declare that your computer is clean as most users don't reply anymore once they found out that their computer is running smoothly, but absence of symptoms does not mean that a computer is free from infection.
* It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
* Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
* You must reply within 5 days otherwise this topic will be closed.

++++++++++++++++++++++++++++

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community...

Hey,
Any help will be appreciated.
I'm not sure what this virus is. It's very persistent.
It blocks the use of Malwarebytes. Webroot runs ok. It won't allow me to use the Task Manager. It says that my administrator has blocked it, even though I am the administrator. I have had several pop ups in new windows. Also, I tried to write a cd, but my drive won't recognize the cd. I've never had that problem before. It would recognize the usb port either. I'm getting fake warnings about a trojan with a little red circle with a white X in the center of it on my toolbar. It prompts me to download some antivirus software from windows. Webroot has found some interesting files: Tajopava.dll, __c001900.dat, and dofakase.dll. I have already tried to get rid of Tajopava.dll, but it came right back. Also, does anyone know what this file is? 1041o.exe? I have been trying to get rid of it for a while, but it's still there.
I am a photographer and there are some very important files that I need. I would hate to lose them.
Thank you again,
ArchAngel677

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Administrator at 15:29:38.45 on Mon 11/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT -6:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsume...

A:Infected with persistant virus. It blocks Malwarebytes

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

Hello, I'm dealing with some incredibly annoying Virus or AdWare or somethin', I've tried quite everything I know, with no luck. I even have tried reformatting my PC, but I think it hid in one of my slave Hard Drives, because I'm having the same problem again, Thanks in advance for any help, Here's my HiJackThis Log:



Logfile of HijackThis v1.99.1
Scan saved at 7:07:06 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\AIM\aim.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\iTunes\iTunes....

A:Verry persistant Virus/AdWare, Can't remove it.

Hi, welcome to TSF

Sorry for the delay. If you still need help,

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

Mod Edit..Merged posts,deleted duplicates ~~ boopme
 
Attached: DDS, Combofix, AdwCleaner
History:
Please Help. The virus is multiplatform. 3yrs ago started on xp. Could not reformat, fdisk stopped - windows reported bad sectors - virus prob there. Rewrote MBR, DoD formatted disk. Feel like it reflashed the BIOS.
Behavior:
Windows 7. Network connection acts up first. A 3rd console shows up that I cannot disconnect from... imagine that's how the virus is updating. Programs stop working properly, but not that progressed yet. Keeping computer away from wifi bc I know it will get worse.
The virus transfers to everything I plug into the computer and I'm desperate to identify how to remove this thing from all my devices. I'm hoping someone can put a name to it.
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16686
Run by SinisterLogik at 11:17:50 on 2013-12-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1953.1254 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\...

A:Can't ID PERSISTANT nasty virus. Jumps drives. DDS attached

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SinisterLogik [Admin rights]
Mode : Scan -- Date : 12/28/2013 21:01:51
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤...