But anyhow, here's my problem: While using the web, out of nowhere, I got a pop-up message stating that my computer had been infected with a trojan or some type of spyware, and they suggested that I download any available anti-virus program. Right after that, I got numerous pornographic pop-ups, the web browswer I was using kept on redirecting me to adult links/webpages, I had many unwanted and uncalled for icons on my desktop that I couldn't/can't remove and, lastly, my desktop wallpaper now has a plain bright blue background that says:
"Security Warning:
A fatal error has occured at 0028:C0011E36 in VXD VMM (01). Error was caused by Trojan-Spy.HTML.Smitfraud.c.
-System cannot function in normal mode. Please check your security settings.
-Scan your PC with any available anti-virus/spyware remover program to fix the problem."
I did everything that was asked in the "Before posting a Hijackthis Log" thread and it didn't seem to work. I also tried using numerous anti-virus programs (norton anti-virus, avast, xoftspy, etc.) one of which I even purchased (xoftspy 4.12) and installed SP2. I'm STUMPED! I don't know what to do anymore, so I went ahead and got a Hijackthis log in hopes that you guys can help me.
Logfile of HijackThis v1.99.1
Scan saved at 12:00:19 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Gloria ((Mom))\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0058/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCD4FC6A-D92D-4B1F-8D65-26C736B2F991}: NameServer = 63.200.115.40 206.13.28.12
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Well, there it is. I hope to hear from you guys soon, thanks!
Edited by ExOtiC_SwEeTs, 26 April 2005 - 02:30 PM.