Go Back   Cyber Tech Help Support Forums > Software > Malware Removal


Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Topic Tools
Old December 22nd, 2007, 10:26 AM
Murrel Murrel is offline
New Member
Join Date: Dec 2007
Posts: 1
popups popups popups {Moved by PL}

as the title states im having a popup problem, one of them states in a "Microsoft internet explorer message

"securepccleaner may find dangerous traces that need to be cleaned. don't let your privacy and reputation to be ruined by them. making your private information public can cause problems with your boss, family or friends. click 'ok' to start securepccleaner scanner to remove compromising traces and setup controls to protect your privacy by cleaning and removing dangerous information"

now of course im not dumb enough to click ok, another one in a "windows security alert" message reads

"windows has detected an internet attack attempt... Somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection."

after that one this popups in an browser window.


i ran highjack this and got this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:28 AM, on 12/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Murrel Hastings III\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {7F719D62-623C-4F70-9244-8CAEC58B041B} - D:\WINNT\ttvbonfwt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C31D988D-A314-49BB-BA51-7F57DEE5EA34} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1198105404285
O21 - SSODL: xcvwer - {6211F043-9700-4CE2-8B71-870B5ED774B0} - D:\WINNT\xcvwer.dll
O21 - SSODL: hjoqor - {5D239B17-0034-42FE-9851-E1E21F14BDB7} - D:\WINNT\hjoqor.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

End of file - 3348 bytes

also i tried to go into the task manager and it says it is blocked by the administrator.....

Please help
Reply With Quote
Old December 22nd, 2007, 12:43 PM
Redapple Redapple is offline
Senior Member
Join Date: Jan 2007
O/S: Windows XP Pro
Location: Netherlands, The
Age: 35
Posts: 281
You better get help in this selection of the forums. Thanks.
Reply With Quote
Old December 23rd, 2007, 08:14 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi Murrel. Download the latest version of Combofix.exe from here and save it to your Desktop.

Doubleclick on combofix.exe and follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Disk Cleanup will run and then a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Copy this log in your next reply together with a new HijackThis log.

Also go here and download Silent Runners.vbs to a new folder on your Desktop (Clicking the the download link works if you use IE. If you use FireFox, rightclick on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please) Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.
Reply With Quote


Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
PLEASE HELP!!! (Adaware, popups, etc.) Moved from XP by Murray RubyQT Malware Removal 33 October 31st, 2008 10:56 PM
to stop spyware and malware popups: Moved from WinNT by Murray padmee Malware Removal 9 December 6th, 2007 12:17 PM
Windows XP Help-Popups: Moved by Tom djazza Windows XP 7 June 10th, 2007 10:16 AM
Annoying Popups and Infostealer,Winnfix etc: Moved from XP by Murray beaverman Malware Removal 24 April 30th, 2007 02:25 AM
Very slow, too many popups.. Please Help!!!: Moved from XP by Murray erinz2418 Malware Removal 0 July 11th, 2006 06:41 PM

All times are GMT +1. The time now is 09:49 AM.