prog0407

This is WAR! (and I'm losing please help) Spyware

2 posts in this topic

Ok, for about 1 year I was careful not to go to any questionable sites and I had no problems, no popup blockers, no spyware software, and then about 2 weeks ago my computer started getting all these popups to dating sites, to jack9.com and all these other sites at random times... so I installed Ad-Aware, AVG Anti-Spyware, Windows Defender, and AntiVir, all of which continuously detect trojan horses and various malware when I run them but do nothing to stop the problem. I've tried deleting all temp files, booting into safe mode, running all programs again, and I still get lots of problems and notifications of problems. If anyone can help I would really appreciate it. I've been running scans around the clock.

 

I stumbled upon HijackThis and the following is the scan result. I hope this helps:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:02:10 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Paul Rogers\Desktop\virus\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {01BE9176-2356-4898-8FC7-A16606568127} - D:\WINDOWS\system32\vturs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - D:\WINDOWS\system32\ddcyaxy.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [updReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] D:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161391559947
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O20 - Winlogon Notify: ddcyaxy - ddcyaxy.dll (file missing)
O20 - Winlogon Notify: vturs - D:\WINDOWS\system32\vturs.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - H:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE

--
End of file - 8800 bytes

 

Update: Windows Defender just popped up and said Trojan: Win32/Fotomoto.A Severe Alert Level Error encountered: Code 0x80508017. Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.

 

Category:

Trojan

 

So does this mean I can't delete the trojan horse now?

 

I keep getting messages from AntiVir that say trojan horse or other virus and ask if I want to block, delete or ignore, and I keep hitting delete, so I hope that's OK?

Edited by prog0407


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]
