Virus or no virus?

[charmed61]

I've got a HUGE problem... after my computer mysteriously wont start up. i had to erase all content and reinstall Windows XP. i installed everything including Northon. But for some reason the Northon Spyware Protection isnt working, i cant turn it on because it says i didnt install it on my computer O_o.

So instead, to make up for the spyware missing i downloaded "Avast!" and "Spybot Search and Destroy"

So now here's the problem: everytime i play a game like... for example the famous Maplestory. Or even just connect to the internet. i get a whole bunch of website pop-ups. Like a unknown wierd website would pop up from nowhere. it seems as the faster connection i use the more popups. sometimes 1 or 2 pop up come up when i switch between websites.

PLZ HELP ME!!! Anything would help!!!

[Justananomaly]

Spyware/Malware definatly. Not a virus.

Download and run both Ad-Aware SE and Spybot S&D and run one, fix issues, run the other, fix issues, and repeat at least twice and if you still have the issue i can walk you through custom things.

[lacrosse_man16]

Agreed its not a Virus. I would highly recommend that you get a real time scanner enabled anti-virus or get a firewall. A program that will solve all of your problems and is lightweight is NOD32. Its the best out there for all around protection.

[SilentWalrus]

It's spyware or malware.
Get rid of 'Northon', it's Norton by the way.
I'd get AVG or Kaspersky.

[Justananomaly]

AVG or Kasperky or Avast! are my favorite 3 (Not in that particular order)
Norton is concidered malware by definition, because its something that comes preinstalled with most retail pcs without you asking for it, its a pain to remove, and it constantly bugs you to pay for it.

[monahan]

In addition to what these guys are recommending, press F8 and scan for any malware in safe mode as this option normally doesn't allow any network connections unless you specify, meaning you have no active connection to the internet.

Did you get rid of the files responsible for propogating the malware as well?

[charmed61]

ok then i'm gonna get ad aware and fully scan it as well as with spybot... but where do i download those stuff u guys said? and i'll see if it fixes the problem.

Oh and it kinda have to be free :S

[monahan]

The home of Spybot-S&D!
Ad-Aware 2008 Free - Lavasoft

Remember to update and then log into safe mode by rebooting and pressing F8 as it starts up.

[charmed61]

ok i'm scanning right now and gonna take all your suggestion to delete norton... but do u know where i can download those virus protections you guys said? i particularly kinda want avast! since i used it before but i forgot where i downloaded it from... plus it was free

P.S. does Avast! protect from spyware?

[Justananomaly]

Avast! Home (Free) Edition

[charmed61]

ok i ran all the spyware scans... ad-aware found 2 things and i delete it... spybot S&D found nothing at all. but the pop up is still comming in. anymore help? =(

[monahan]

hrm.

Download Trojan Remover

Do me a favour and run that.

[Justananomaly]

If that doesnt work download Hijack This and run it and post the output list of running processes, but DONT change anything yet.

[charmed61]

ok i'll try both then tell u the results

EDIT: ok i just scanned the second time with spybot and it found something... "explorer.exe" -.- i know i'm not computer genius but i DO know i CANNOT delete this! if i do i'd loose everything! now what do i do?

[Justananomaly]

i just need the list of running processes, make sure you dont check or uncheck anything, ill tell you what to do later.

[monahan]

yeah, if you can post the windows processes, that'd be useful. could you also go to run?msconfig>startup and take a screenshot of that as well please?

[charmed61]

here's my running list:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1204500525406
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MGABGEXE - Unknown owner - C:\WINDOWS\system32\mgabg.exe (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


EDIT: i got avast! but sometimes it stops working like... it freezes for 2 min or so then it start working again. it happens a lot

[monahan]

is registry booster something you installed?