pop ups non stop even when not connected to the internet.

S

schatten789

New Member
I get pop ups all the time some days they come up almost non stop wile others there or only 5 or 6 in the day. I know its a virus becuase I have used ALOT of different spyware softwares and 2 or 3 anti virus programs.

I read somewhere on this site that the svchost.exe is a spyware and there is like 5 of them running under processes in the task manager.

I did a hijackthis thing that I saw in a bunch of the other threads.

Here is the log thing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:54 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\AIM6\aim6.exe
I:\Program Files\AIM6\aolsoftware.exe
I:\Program Files\ATITool\ATITool.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\taskmgr.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\WINDOWS\system32\cmd.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "I:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ATITool.lnk = I:\Program Files\ATITool\ATITool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4406 bytes
 
Last edited:
i had too seen that svchost.exe is a virus on many websites but it's not

and svchost.exe really takes much amount of memory and there are 5 - 6 svchost processes running in the background

but when running with many different antivirus and antispyware products they couldn't find anything.

so can anybody why do it takes so much of the memory
 
svchost.exe is not a virus. it is just a windows genric host file.
and yea, post ur combofix log here.
pls. try running spybot search and destroy from safe mode.
 
ComboFix 07-09-21.2 - "G" 2007-09-21 15:57:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\WINDOWS\system32\drivers\core.cache.dsk
I:\WINDOWS\system32\drivers\core.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 15:57 51,200 --a------ I:\WINDOWS\NirCmd.exe
2007-09-20 19:52 <DIR> d-------- I:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 15:41 --------- d-------- I:\Program Files\Steam
2007-09-18 17:01 --------- d-------- I:\Program Files\Morpheus
2007-08-25 20:24 --------- d---s---- I:\Program Files\Xfire
2007-08-25 14:11 --------- d-------- I:\DOCUME~1\G\APPLIC~1\Xfire
2007-08-17 22:28 --------- d-------- I:\Program Files\Replay Converter
2007-08-17 22:28 --------- d-------- I:\DOCUME~1\G\APPLIC~1\GetRightToGo
2007-08-07 21:51 --------- d-------- I:\Program Files\LFS Player Hacker
2007-08-01 13:30 --------- d-a------ I:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-25 17:16 --------- d-------- I:\Program Files\Trillian
2007-07-06 20:03 24192 --a------ I:\DOCUME~1\G\usbsermptxp.sys
2007-07-06 20:03 22768 --a------ I:\DOCUME~1\G\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-02 22:38 I:\WINDOWS\system32\P17.dll]
"UpdReg"="I:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"BootSkin Startup Jobs"="I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"LogonStudio"="I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="I:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

I:\DOCUME~1\G\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
ATITool.lnk - I:\Program Files\ATITool\ATITool.exe [2006-12-08 10:23:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
I:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 I:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=I:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"I:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"I:\Program Files\Ipwindows\ipwins.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"I:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"I:\Program Files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
"I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe"

R1 ATITool;ATITool Overclocking Utility;I:\WINDOWS\system32\DRIVERS\ATITool.sys
R3 P17;Sound Blaster Audigy;I:\WINDOWS\system32\drivers\P17.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;I:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;I:\WINDOWS\system32\drivers\WmXlCore.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;I:\WINDOWS\system32\DRIVERS\AN983.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;I:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;I:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;I:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ef82e07-de2d-11db-920b-806d6172696f}]
AutoRun\command- G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ef82e08-de2d-11db-920b-806d6172696f}]
AutoRun\command- H:\launch.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2007-09-16 00:21:01 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 16:03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 16:04:24 - machine was rebooted
I:\ComboFix-quarantined-files.txt ... 2007-09-21 16:04
.
--- E O F ---
 
You must log in or register to reply here.
Back
Top