• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Celina

AV programing finding many adware.(name) files

2 posts in this topic

when i run norton 2004 it finds the files adware.iefeats, adware.browseraid, adware.winshow, adware.Ncase, adware.statblaster, adware.winfetch.

 

also when i run trojanhunter fully updated it finds adware.jdf.100 nbx.100 luxi.100 and wowex

 

it finds about 12 adware.iefeats files that seems to be the biggest problem

 

when i run HJT this is everything it tells me

 

please help this adware stuff is getting insane they install things on my computer without me knowing

 

 

Logfile of HijackThis v1.97.7

Scan saved at 1:45:35 AM, on 7/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\appne32.exe

C:\documents and settings\main\local settings\temp\v5I9Y3ZIh.exe

C:\WINDOWS\System32\comsnap735v.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\ipfa.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\PROGRA~1\NORTON~1\navw32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bypew.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bypew.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bypew.dll/sp.html#96676

O2 - BHO: (no name) - {75DA5B79-BB0F-7591-1E95-0650631B2DE5} - C:\WINDOWS\system32\ienr.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [appne32.exe] C:\WINDOWS\system32\appne32.exe

O4 - HKLM\..\Run: [ndw] C:\Program Files\ndw\ndw.exe

O4 - HKLM\..\Run: [v5I9Y3ZIh] C:\documents and settings\main\local settings\temp\v5I9Y3ZIh.exe

O4 - HKLM\..\Run: [3TL#F#62GQ3K6N] C:\WINDOWS\System32\YgwaH.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [p77T35V] dgncan.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [comsnap735v.exe] "C:\WINDOWS\System32\comsnap735v.exe"

O4 - HKLM\..\RunOnce: [mfcxe32.exe] C:\WINDOWS\mfcxe32.exe

O4 - HKLM\..\RunOnce: [ipfa.exe] C:\WINDOWS\ipfa.exe

O9 - Extra button: AIM (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hi Celina,

You are infected with the Peper Trojan. Download Option^Explicit’s PeperFix=http://downloads.subratam.org/PeperFix.exe & save it to your Desktop.

Click Find & Fix.

Reboot, and run PeperFix.exe again.

 

Next, please update your version of HijackThis. Double click the exe, go to Config > Misc Tools. Hit Check for update online, & then OK.

 

(NOTE: Be sure you check the header of your log (EX: Logfile of HijackThis v1.97.7) before you post it here. Your updated version should say: Logfile of HijackThis v1.98.0. If your header does not say 1.98.0, download the updated version from here.)

 

Download About:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip

or

http://tools.zerosrealm.com/AboutBuster.zip

Unzip it to your Desktop.

 

(DO NOT RUN ABOUT: BUSTER YET)

 

Run your updated HijackThis and post a new log here.

Edited by 808chick

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0