I clicked on a website during lunch today and it installed all sorts of malware/spyware on my computer. I installed Lavasoft Ad-Aware SE and it helped, but there seems to be too much for it. I ran full scans 3 times, including one before Windows completely loads, and popups are still appearing at a rate of 1 per 15 seconds. I am updating Windows as I type (and close new ads). Can someone please tell me what I can choose to delete from HijackThis after the Windows updates install? Thanks.
OK, Windows Update is completed, and I ran the online spyware scanner suggested as well as the Lavasoft SE, and the log file has been reduced, but the popups are still coming. Please help. Thanks in advance.
I did a complete Norton AntiVirus scan last night and found no viruses. But about 30 IE windows were open when I came in. I ran CWShredder, then followed up with SpySubtract. Popups are greatly reduced, but there seem to be about one or two left. I ran HijackThis again; there's the new file:
Logfile of HijackThis v1.99.0
Scan saved at 8:56:49 AM, on 2/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\PortReporter\portreporter.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\jan9hz2g\jan9hz2g.exe
C:\WINNT\system32\Pbnbxp.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\sysmonnt.exe
C:\WINNT\system32\iniogsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mbrennan\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pwcproxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = powerconceptsllc.com;ny.powerconceptsllc.com;192.168;<local>
O2 - BHO: (no name) - {3CC8B4E4-F011-4CA1-96F1-19FB964683EB} - C:\Program Files\jan9hz2g\jan9hz2g.dll
O2 - BHO: (no name) - {4E8B6A16-A410-40F5-A049-CFA88CF869AA} - C:\Program Files\jan9hz2g\jan9hz2g.dll
O2 - BHO: (no name) - {57F4AAB0-7BDC-438A-8A3D-A36487128B43} - C:\Program Files\jan9hz2g\jan9hz2g.dll
O2 - BHO: (no name) - {A012702E-C450-49B9-86EC-AAEDD46E6E81} - C:\Program Files\jan9hz2g\jan9hz2g.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E8E66D8F-D58F-465E-8256-C63D2A1BA289} - C:\Program Files\jan9hz2g\jan9hz2g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jan9hz2g] C:\Program Files\jan9hz2g\jan9hz2g.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Pbnbxp.exe
O4 - HKLM\..\Run: [gwmefgr] c:\winnt\system32\gwmefgr.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [pxvzwc] C:\WINNT\system32\pxvzwc.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\eliteyel32.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINNT\system32\sysmonnt
O4 - HKCU\..\Run: [HovqRhd8W] iniogsvc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ny.powerconceptsllc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ny.powerconceptsllc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ny.powerconceptsllc.com
O23 - Service: CWShredder Service - InterMute, Inc. - C:\program files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Port Reporter - Unknown - C:\Program Files\PortReporter\portreporter.exe