1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

"Warning! Spyware Threat Detected On Your Computer!..."

Discussion in 'Virus & Other Malware Removal' started by Lifeforceone, May 26, 2008.

Thread Status:
Not open for further replies.
  1. Lifeforceone

    Lifeforceone Thread Starter

    Joined:
    May 26, 2008
    Messages:
    2
    I recently downloaded something and opened a file named "run.exe" and then my computer kinda died, the backround changed to blue with a text in middle, and when I dont move anything it will come larvas from the sides and crawl all over the screen. Also, i get popups wanting me to buy stuff and internet explorer changed start site and leads me to wierd stuff. With my 2nd computer i looked this up in google but couldnt rly find any good solution, since I didnt find something exactly the same, but i tried some anti spyware/malware programs, deleted some stuff. But now im stuck, the things i delete keeps coming back. I have stopped getting popups but my screen is still blue (text is removed), and everything i try is "Disabled by Admin" which cant be true since im the only 1 on this computer. The start bar and icons are all gone and i cant right click anywhere either. Also where the clock should be it sais "VIRUS DETECTED!!"

    I use XP and have Kaspersky 7.0.

    Im gonna try to post a HJT file as soon as i get back to my PC.

    Thx.
     
  2. Lifeforceone

    Lifeforceone Thread Starter

    Joined:
    May 26, 2008
    Messages:
    2
    Aight, I got the HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 18:53: VIRUS ALERT!, on 2008-05-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program\Razer\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\NetLimiter 2 Pro\NLClient.exe
    C:\Program\Razer\razertra.exe
    C:\Program\Razer\razerofa.exe
    C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Program\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\DOCUME~1\Micke\LOKALA~1\Temp\Rar$EX17.4359\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.se/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: atfxqogp - {AC9264CC-124E-43B6-9144-8664D704A0BC} - C:\WINDOWS\atfxqogp.dll (file missing)
    O4 - HKLM\..\Run: [razer] C:\Program\Razer\razerhid.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program\PPLive\PPLive.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
    O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1.0\adialhk.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - Unknown owner - C:\Program\Telia65\bin\sprtlisten.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Warning Spyware Threat
  1. midiboy
    Replies:
    5
    Views:
    480
  2. PacerFan1
    Replies:
    4
    Views:
    487
  3. TeeTee7
    Replies:
    1
    Views:
    724
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/715530

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice