
I need some help cleaning up some leftover spyware. . .

Q: I need some help cleaning up some leftover spyware. . .

I downloaded a bad file on accident and got inundated with trojans and all kinds of other garbage. So I ran a full MBAM scan and cleaned it all out, mostly. When I open up my browser (Firefox), this is what I see on the top of my browser. I also randomly get a page that says "CONNECTION RESET BY REMOTE SERVER. something about reasons for errors, then a link that says RUN THE COMPLETE SCAN." Obviously it's a ruse and I just hit refresh and it goes away. Any help is appreciated.

A: I need some help cleaning up some leftover spyware. . .

Hello, please run these as instructed and post back 2 logs. If you have SpyBot running please disable it for these.

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode:
How to enter safe mode (XP) Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan.
After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Now rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates. When done, click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, post new scan log and reboot into normal mode.

RELEVANCY SCORE 47.6

Hello,
I've been trying to rid my computer (Windows XP) of spyware and such, unneeded stuff running, as I can only get dial up and it's slow enough at best! If I can figure out how to get this Hijack This log attached, I would sure appreciate it if someone could look at it and tell me what maybe shouldn't be there. I've learned a lot and have enjoyed reading the forums, but I still don't know a lot.
Thanks,
jilljo
 

A:Spyware Cleaning

This is what I use to control spyware, its the best.
http://www.webroot.com/
 

RELEVANCY SCORE 47.6

i just ran hijack this and i dont know what to delete can you guys help please

this is the logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:13:18 PM, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\The Del Duca's\Desktop\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:/... Read more

A:cleaning out spyware

i just finished running hijack this and i dont know what to delete can you guys help please

heres the logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:18:17 PM, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\The Del Duca's\Desktop\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_U... Read more

RELEVANCY SCORE 47.6

I have installed adaware se, spybot, spywareblaster, and cwshredder. Here is my hijackthis log. Is there anything I should remove? thanks

Logfile of HijackThis v1.98.2
Scan saved at 4:15:01 PM, on 11/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\W... Read more

A:new at cleaning up spyware

RELEVANCY SCORE 47.6

hey, i just wanna help get rid of my friends spyware so i ran hijackthis and here are the results:

Logfile of HijackThis v1.97.7
Scan saved at 9:57:59 PM, on 2/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sarah.PC-YT538Q2SRRJ8\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3609
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3609
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3609
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E... Read more

A:cleaning out spyware

RELEVANCY SCORE 47.6

Here's my Hijackthis Log, please advise on what to do.

Logfile of HijackThis v1.98.2
Scan saved at 7:42:49 PM, on 3/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\System32\hslejwh.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\System32\packager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Applications\HijackThis.exe

R1 - HKCU\Software\Micros... Read more

A:Need help cleaning up spyware!

do you have an anti virus program? i didn't see one. you need to download ad-aware, spybot, spyware blaster. update all before running, website below. also here is easycleaner, it will take a lot of junk out of your system. please don't use "duplicates".

http://www.download.com/3101-2001-0-1.html?tag=pop

http://personal.inet.fi/business/toniarts/ecleane.htm#top
 

RELEVANCY SCORE 47.6

I recently purchased a copy of CounterSpy and had problems with it ... it continuously hangs and found/deleted spyware keeps returning. I called their customer support and was told that the problems are related to the fact that I have Windows ME. They are currently working on a version of CounterSpy for ME but it won't be available until the end of this month. They suggested I run HijackThis and contact you. Also, this past weekend I upgraded my Norton AntiVirus to the 2005 version and it cleaned off some of the problems but not all and even more spyware appeared the second time I ran the Norton scan. Symptoms I'm seeing include:
When I boot the PC, the browser (IE) automatically launches (it's not supposed to)
a "blank: about" page is displayed in the browser instead of my usual home page (my ISP). If I re-set it, it's OK as long as I don't reboot.
there are two porn sites listed in my Favorites list and I can't get rid of them
general sluggishness of the PC

Below is my scan from HijackThis. Any help you can provide is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:52:25 PM, on 5/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\PROGRAM FILES\COMMON FILE... Read more

A:Need help cleaning off spyware

RELEVANCY SCORE 47.6

I have run adaware and spybot s&d in safe mode with system restore disabled. Still having a pop-up problem. Help please. Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 6:10:28 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Documents and Settings\ANNE PRITCHARD\Desktop\HiJack This\HijackThis.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Prog... Read more

A:Spyware cleaning help please

RELEVANCY SCORE 47.2

Hi there,
someone had helped me about a year ago cleaning my notebook of virus/spyware etc. Since then everything was fine until a couple days ago i have noticed weird stuff all you know.
Now I had saved the following programs a year ago on my notebook so i have them

hijackthis
SmitfraudFix
vcleaner
Fixwareout
Killbox
Vindofix
Combofix
since it has been a year since I opened these programs actually i do not remember what/how to do!
Can anyone please help me?
Thanks in advance
Sam
 

A:Need spyware, virus cleaning

Logfile of HijackThis v1.99.1
Scan saved at 00:02, on 07-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WIND... Read more

RELEVANCY SCORE 47.2

Hello.

I have a friend's laptop here and he has some virus on it that is really messing things up. He's a real Neanderthal when it comes to computers.

I've tried to find the answer on line. I've tried to use software programs but they aren't helping completely, as a matter of fact they seem to shut down half way through the process of analyzing the situation. If I run the computer long enough the whole computer freezes up.

The initial bug was the Windows antivirus bug. I'm sure that there are a couple more on there.

I can only run CMD.exe in Safe Mode. When it starts up I get to rundll errors for tapi.nfo.

It is running XP Home edition. What can I do to fix this poor machine? I have several days of attempting to do this alone.

Thank you so much for any help.

Gary =0)

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:tapi.nfo and Spyware cleaning

I guess my problem is too complicated. Still no replies.

After reading through the forum I found a thread similar to my problem. I ran win32kdiag.exe. Below is the result of the scan.

Please, if there is anyone that could help I would greatly appreciate it.

Gary

Running from: C:\Documents and Settings\Johnny\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Johnny\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942840\KB942840

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Conn... Read more

RELEVANCY SCORE 47.2

Hello all. I have recently been getting a lot of popups on my computer, such as:

(yellow triangle with exclamation mark icon)
Security Alert: Spyware Found
Your computer is infected with the last version of PSW.x-Vir trojan.
PSW trojans steal your private information such as: passwords, IP-address, credit card
information, registration details, etc.
Click this baloon to remove PSW.x-Vir spyware.

and:

(yellow triangle with exclamation mark icon)
System performance monitor:Warning
Summary:
System performance slowed down by: 47%
Internet connection speed decreased by: 39%
Probable reason: Spyware applications / Adware popup windows
Click this baloon to download spyware scan tool to remove spyware/adware applications.
----------------------
I think you guys know what virus/spyware im talking about by now. I would really appreciate some help with removing it.
I have been browsing this forum a little and seen how you have done; I downloaded HiJackThis and made a log.

The log:
Logfile of HijackThis v1.99.1
Scan saved at 14:57:51, on 2007-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sys... Read more

A:I have PSW.x-Vir spyware, Need help with cleaning my computer!

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

RELEVANCY SCORE 47.2

Alright, I was doing the same thing at www.geekstogo.com. I showed a hijackthis log, got a reply and ran vundofix, cleanup, and active scan. So I was in the middle of help, but suddenly I can't access that site. It says the page can't be displayed. All other sites work for me except it. And the site works for everyone else I ask...this is totally weird.

Anyway, here is my Vundo text after that:

VundoFix V2.15 by Atri

----------------------------------------
Listing files contained in the vundofix folder.
----------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

----------------------------------------
Filepaths entered
----------------------------------------

The filepath entered was C:\WINDOWS\System32\mljgd.dll
The second filepath entered was C:\WINDOWS\System32\dgjlm.dll*

----------------------------------------
Log from Process
----------------------------------------

Killing PID 136 'smss.exe'
Killing PID 704 'explorer.exe'
Killing PID 704 'explorer.exe'
Killing PID 208 'winlogon.exe'
Killing PID 208 'winlogon.exe'

----------------------------------------

C:\WINDOWS\System32\mljg... Read more

A:Some Spyware..need Help...was In The Middle Of Cleaning..

I am sorry for the delay. If you are still having trouble, please follow the instructions here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and then post a brand new hjt log as a reply to this topic.

RELEVANCY SCORE 47.2

I ran hijackthis. Can someone please view my results and tell me which files I want to get rid of and ways to do so. Thanks for all the help!
Logfile of HijackThis v1.97.2
Scan saved at 5:14:03 PM, on 9/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\rundll16.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ClientMan\mscman.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\ClientMan\msckin.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\Q... Read more

A:Lots of spyware....help cleaning it up

RELEVANCY SCORE 47.2

Hi. I have been following various threads for the "how to" on this, and hopefully I'm off to a good start. I've downloaded & updated & ran the following utilities: HJT, SpyBot S&D, Ad-Aware 6.0. Using the latter two I've deleted over 325 unwanted programs. YOW!!!! But....... what to do with the info on HJT??

So here's my log, if anyone is willing to give me some guidance.
I'd like to remove--
04 Global Startup: Billminder.Ink (Quicken program)
Event Reminder.ink (Printmaster program)
Quicken Startup.ink
Ulead Photo Express 4.0 SE Calendar Checker.ink

Would that keep them from automatically running at start-up (without damaging the program itself?)

My goal is to boost my functional RAM. I've got 1G of RAM, but my son has gotten into making his own fan films, which includes use of some pretty high-end editing programs, rotoscoping his own lightsaber effects, etc.-- which sucks all the juice out of what I thought was not a terribly antiquated machine!!

THANKS.

Joe -aka DrDemento

Here's my HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 12:14:58 PM, on 1/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1... Read more

A:Cleaning Spyware & Adware

to start with these 2 are either viruses or trojans
O4 - HKLM\..\Run: [OZGQBMWE] C:\WINDOWS\OZGQBMWE.exe
O4 - HKLM\..\Run: [BLVGQITE] C:\WINDOWS\BLVGQITE.exe

run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked
O4 - HKLM\..\Run: [OZGQBMWE] C:\WINDOWS\OZGQBMWE.exe
O4 - HKLM\..\Run: [BLVGQITE] C:\WINDOWS\BLVGQITE.exe

reboot into safe mode & delete
C:\WINDOWS\BLVGQITE.exe
C:\WINDOWS\OZGQBMWE.exe

then reboot & work through this site http://www.pacs-portal.co.uk/startup_index.htm
which gives good help on how to cut down on unneeded start ups and the best way to disable them. Some are better disabled from inside the program, others by using MSconfig.

Using HJT to stop start ups should be a last resort as it's permanent
 

RELEVANCY SCORE 47.2

Hi guys. Had some spyware/adware/virus crap happen. I went through the steps in the sticky and here is what pandasoftware logged:


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JRey\Application Data\Mozilla\Firefox\Profiles\8ccdqdx5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JRey\Application Data\Mozilla\Firefox\Profiles\8ccdqdx5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\JRey\Application Data\Mozilla\Firefox\Profiles\8ccdqdx5.default\cookies.txt[.mediaplex.com/] ... Read more

A:Cleaning up a spyware invasion.

Before fixing anything, Please download the Suspicious File Packer - http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it. Paste the following list of bad files into the Suspicious File Packer window:


Code:
C:\Documents and Settings\JRey\Local Settings\Temporary Internet Files\Content.IE5\8BKZ6N27\anti4[1].exe
Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please submit it to this site - http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.


Please rename Hijackthis.exe
It's currently located at C:\hjt\HijackThis.exe
Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log

RELEVANCY SCORE 47.2

My pc was infected by an autorun.inf/boot.exe virus some days back. I did some reading on the internet and found out that I had to delete autorun.inf and boot.exe files in my drives.
I did that and I thought it solved the problem.

Now whenever I insert a USB removable drive, such as a thumb drive, I can see that my pc creates these 2 files in it. I'm able to double click on my thumb drive but my antivirus software [currently trend micro] detects autorun.inf as a virus and quarantines it.

Also, when I try to delete boot.exe in system32 folder, it says that the file is in use and can't be deleted.

What do i do?

Can you please check my log and get back to me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:42 AM, on 2/21/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XNeat Windows Manager\XNeatWM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files... Read more

A:Help Cleaning Virus/Spyware

RELEVANCY SCORE 46.8

Here's my log file, any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:59:07, on 07/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\JACKYE~1\LOCALS~1\Temp\b130.exe
C:\WINDOWS\system32...

A:Need help cleaning my comp of some nasty spyware!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cl...

RELEVANCY SCORE 46.8

Hi, thanks for the help i received from your experience on the forum.
I have read about your help in a desktop malfunction situation where a spyware program installed an executable file, changing the desktop wallpaper permanently with an html file.

Well, my situation was similar but I have already fixed bad files using SPYWARE and antivirus sw. The bad html file was inside the system32 dir (desktop.html)
The only problem still present on my PC is the reduction of the control of the desktop options: right-clicking on the desktop opens the dialog window but it shows only two tabs, Screensaver and res settings; the other tabs are hidden so I can't restore the wallpaper I need.
I guess it is a bad registry setting, made by the bad exe file.
Could you help me to show again the desktop tab and theme tab in the screen properties window?
Hope to be clear enough, I'm Italian and my English is not perfect.
Thanks a lot anyway.
Marino
Italy
 

A:Desktop troubles after spyware cleaning

First let's see if there is still anything bad on the computer.

Go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

RELEVANCY SCORE 46.8

Hey guys.

I ran through the steps in the stickies as best I could, but it seems like the longer I try to scan and update, the worse things get, so I'm stopping for now and giving you what I've come up with so far.

First of all, the problems. First main, most noticeable problem, is the popups. They'll appear in IE, always, even if I'm using Firefox. This is a sample of one of the URLs it tries to load:

http://llehs.com/go/?cmp=vm_mg_ff_h&...7678&lid=&url=


I've seen this described as OIN? Or something like that.
Anyways, I ran through some of the steps on this site. I downloaded all XP and IE updates. I already had SP2. Now the viruses have a harder time loading their popup sites. It tells me the sites can't be found, but they're still very annoying. They appear at will unless the Internet connection is disabled. And then, it tries to dial out... somewhere. McAfee was able to eliminate several of these dialers and trojans. Some of the scarier ones I saw were CIH?, Smitfraud, PurityScan, and Mirar. Mirar keeps coming back. I'm not sure about the others. McAfee continually blocks generic trojans from being run, so these things are trying to replicate.

One of the other scary abilities these viruses have is knowing where I am. I'm currently on vacation in Cincinnati, and the popups knew where I was. Adultfriendfinder showed me girls from Cincinnati. Good Lord, what is the world coming to?

Now that I've been fighting them, they're fighting back. Almo...

A:Need help cleaning a load of spyware + viruses

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 46.8

satelite p3 128mb ram
 

A:Toshiba laptop...need help cleaning spyware

RELEVANCY SCORE 46.8

Hey i was cleaning my comp today and found that i have a crap load of spyware on my computer.. i tried the basic stuff like running ad-aware SE and search and destroy (even ran both of them in safe mode) but i still have some spyware on my computer. can anyone help out?

Logfile of HijackThis v1.99.1
Scan saved at 8:08:12 AM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\****\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQ\NDetect.exe
C:\Program ...

A:Computer full of spyware, need help cleaning. HJT log

RELEVANCY SCORE 46.8

Well, here's the deal: my girlfriend has a seriously ailing computer. She had no anti-spyware systems. Needless to say, her computer started acting super-weird lately.

I immediately became suspicious. I installed, updated, and ran Spybot S&D as well as AdAware, which got rid of a ton of spyware.

Her computer was still acting seriously screwed up though... more so than before, actually. Then she revealed to me that although she has a copy of Norton Antivirus that came with the computer (no cd though. -_-) she has NEVER updated the virus definitions!

Alarm bells rang. I tried to update the program but it wouldn't let me - said it had been 'tampered' with. I didn't know if this was due to a virus or because it might be an illegal version of Norton. Either way, this wasn't good.

With no other options open to me, I downloaded AVG and updated that, then disconnected from the net, rebooted, and ran it (having shut off system restore first, mind you). Found about 30 or something viruses, which AVG says it deleted.

I also ran HiJackThis and deleted a dodgy looking entry for a file called freexxx.exe, and deleted the actual freexxx.exe file itself too.

Now, here's the current situation. Spybot and Adaware both say the system is clean, and AVG says it's free of viruses too. But I'm terribly worried that as soon as she goes back online it'll turn out there's still some nasty parasite in there that'll reinstall all this stuff and undo all my good efforts. So I put HiJackThis on her PC, r...

A:Cleaning up spyware (and virus?) remnants...

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Windows Media Player] bah.exe
O4 - HKLM\..\Run: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ijcervm.exe
O4 - HKLM\..\Run: [MSPluginSrvc] p3.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [ydsdmf] C:\WINDOWS\ydsdmf.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Samsung] Samsungs.exe
O4 - HKLM\..\Run: [usbdrv] WINR35.exe
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunServices: [IPv6 Helper] csass.exe
O4 - HKLM\..\RunServices: [Windows Media Player] bah.exe
O4 - HKLM\..\RunServices: [WindowsServer] winamp.exe
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.e...

RELEVANCY SCORE 46

Hello,

I recently cleaned a computer using Symantec Anti-Virus and Windows Defender but the computer is running very slow. The slowness is mostly when opening Internet Explorer and when entering into windows on startup. I have run HJT and pasted the log file below. Any assistance in fixing this would be helpful.

Thanks ahead of time!!

Fred

Logfile of HijackThis v1.99.1
Scan saved at 8:37:55 AM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupda...

A:computer runs slow after cleaning spyware

RELEVANCY SCORE 46

i have been given a compromised laptop with the above infections. The machine was infected in late 2006 while running AVG 2.1 & Ad-Aware.

i have run various tools, including: AVG2.5 & NOD32 virus scans, Ad-Aware, SpySweeper, Spybot, Super Antispyware, McAfee Stinger & CWS Shredder. The results of those scans are documented on this thread:
http://www.bleepingcomputer.com/forums/t/89551/spysoldier-spyware-knight-cleaning-resistant/

Buddy215 then asked me to run a HijackThis scan & post the log to this forum, so that is what i am doing. My goal is to regain browser functionality - at the moment, i cannot do anything security or update-related because the page simply terminates connection before any downloads begin.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:09 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics...

A:Spysoldier / Spyware Knight Resistant To Cleaning

Hello Sokoudjou and welcome to the BC Hijackthis forum. I don't see any signs of viruses or malware in the log. It is clean.

I think it is probably just a configuration issue but let's check with 1 other scanner first.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
In the Win32 Services group select All.
In the File String Search group select None.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Policy Settings
Reg - Security Settings
File - Additional Folder Scans
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.
OT

RELEVANCY SCORE 46

Logfile of HijackThis v1.99.1
Scan saved at 1:08:10 PM, on 11/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

--------

I'm having problems with some spyware of some sort as detailed in my other thread: http://www.bleepingcomputer.com/forums/t/72921/am-i-infected-with-spyware/

AVG/e-wido couldn't find it and I just formatted my harddrive and re-installed XP, but I'm still getting it. Can anyone help me?

A:Fake Registry Cleaning Program Spyware

You must get the SP's and critical updates
==============
You have no active AntiVirus!
Get the free AVG 7 install it, check for updates and run a full scan
AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
==================
Kill Windows Messenger - http://vlaurie.com/computers2/Articles/messenger.htm

RELEVANCY SCORE 46

I downloaded Hijack This and did the scan so now I have the log but I need help cleaning out the bad and keeping the good. Here's the log and hopefully someone can help. Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 2:31:01 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\110625~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110625~1\EE\AOLServiceHost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Ame...

A:Solved: HijackThis log, Need Help Cleaning Out Spyware Stuff!!

RELEVANCY SCORE 46

can i get some help eliminating the viruses and etc. that have infected my computer ?

here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:45 AM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\oodteyma.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\TEMP\win50C6.tmp.exe
C:\Documents and Settings\All Users\Application Data\abynipkx.exe
C:\WINNT\mgrs.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\SSTEM3~1\winlogon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ser...

A:need help cleaning my system from virus, worms, spyware etc.

RELEVANCY SCORE 46

Hello everyone - So i have inherited a laptop with a malware infection. It advised on startup of being infected with Trojan.dloader via the system tray, and attempted to hijack my browser to get me to buy Spyware Knight and/or SpySoldier to fix the problem.

i do not know what activity prompted this. The machine was running Ad-Aware & AVG 7.1 at the time of infection in late 2006.

i disabled System Restore, updated definitions and ran both programs. Then booted into safe mode & ran both programs again - not much was found, but i quarantined/deleted/cleaned whatever was there.

Then i uninstalled them both & switched to NOD32 & SpySweeper 5.3.1, downloaded full updates & discovered this thread which had a similar situation: http://www.bleepingcomputer.com/forums/t/80657/infected-with-trojandloaderlx-spyware-knight-etc/

So i downloaded SmitFraudFix, CCleaner 1.39 & Hijack This, booted into safe mode, and ran them. SmitFraudFix ran (i saved the log) and then the system rebooted itself without my intervention. i then ran a full NOD32 virus scan, a full SpySweeper scan & CCleaner to clear files & clean the registry. SpySweeper found three adware elements: Antispyware soldier fakealert, comet cursor & fakealert fake infection, plus a system monitor called Tattletale.

i then rebooted into normal windows and found the popups to be gone, but i couldn't connect to Windows Update or sites like PandaVirus' online system scan. i checked the hosts file...

A:Spysoldier / Spyware Knight Cleaning-resistant

Run this, let us know how you did

D'load update and scan preferably in Safe Mode
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

and CoolWebSearch shredder
Download stand-alone version of CWShredder

RELEVANCY SCORE 46

A few days ago, I received a virus notification from my antivirus software. I had a Trojan virus. Just now, I opened the antivirus to pull the important info from that quarantine and now I see I'm still having problems. I can't copy the log file from my antivirus, but the files include:

htm[1].htm
install2.exe
dat5F.tmp

There are several entries for each file and they were either left alone or quarantined. Most of them were left alone.

Anyway, I notified our MIS department and they removed the trojan and any files resulting from that trojan. I downloaded Ad Aware, Spybot, and Spyware Blaster. I ran all three and removed the troublesome files.

For the most part, my computer is working better. I had been getting popups every two minutes--even when I wasn't on the internet, I was working on MS Word files. Also, I guess I had to have had several browser hijack attempts because when I'd open IE, my homepage wouldn't come up and I was immediately redirected to another page that began popup hell. Right now, however, my computer seems to be running extremely slow, particularly when I try to open a document. It just takes forever to open a document.

I've contacted our MIS department and they say they've cleaned my computer and that I should be fine. I still think there is some file or application that's lurking in my computer. I've done a search on my C: drive for "gator," but didn't have any gator files/apps.

I'm ...

A:Slow computer after cleaning Trojan and spyware

RELEVANCY SCORE 45.6

Hello all,

Here is the log of the HijackThis I have run on my Dad's PC. I would be thankful If you could assist me in cleaning his computer from spyware. Thanx !

=-=-=-=-=-=-=-=-=-=-=

Logfile of HijackThis v1.99.1
Scan saved at 21:56:02, on 06/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\taskmgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\pr...

A:Solved: Hijackthis: Can someone assist me in cleaning my Dad's computer from spyware ?

RELEVANCY SCORE 45.6

Hello

I had some problems with the spyware by accepting its request by mistake to scan my computer for virus cleaning.
It used to force me to open different URLs for cleaning such as 'safenavweb,pcsecure sytem,your privacy guard) and its gif expanded over my desktop.
After having a look at previous instructions from your analyst to another member, I did the following:

- Install SmitfraudFix.exe
- Install ATF Cleaner by Atribune
- Install AVG Antispyware (Updated)
- Install NOD32
- Install Norton (15 days free trial version)
- Install Combofix

After that I proceeded,

- Show hidden files/folder - Unchecked hide protected operating system folders - Unchecked hide file extensions for known file types:

In SAFE MODE
- Run SmitfraudFix.exe
- Reboot back into Safe Mode
- Run ATF Cleaner (Select All- Empty Selected)
- Go to control panel >Display>Desktop>Customize desktop>Web> deleted the websites.
- Run AVG Antispyware

In NORMAL MODE
- Run ComboFix
- Run NOD32 > Scan and Clean
- Run Norton> Scan and Clean
- Uninstall Combo Fix

After all, it seems that I managed to get rid of it, at least my desktop is free and not receiving any instruction to be forwarded to those URLs.

However I am receiving constant alerts from Norton such as '' A recent attempt to attack your computer has been blocked''
Details give 'Anti Intrusion attempt by 88.165.76.111

Could you please support me to make sure I get rid of them completely?
More li...

RELEVANCY SCORE 45.2

Hello I have a dell inspiron e1405 laptop
i recently had some ad/spyware on my computer
i ran AVG, adaware, and Superantispyware to quarantine and remove said spyware

now when i start up my computer i get two errors
and when i shut down my computer an end program for rundll.exe (i can't remember if it is rundll32 or rundll)


the two errors that occur say this

Error 1:

Error loading c:\windows\system32\jivavadu.dll
The specified module could not be found.


Error 2:

Error loading c:\windows\system32\hejubijo.dll
The specified module could not be found.




i tried deleting the registry file for this thing, but i have no wild tangent folder under the run folder. hklocal machine ---> (skipping some stuff) --> windows --> currentversion --> run --> no wild tangent folder



I've also run regclean on the computer to try and fix the errors



Thanks for any help

A:Rundll error from deleted spyware (Ran multiple cleaning programs)

Hello,

The files are remnants of the infection that are still loaded in the startup folder.

Open msconfig > click Startup tab > look for the files and remove if there.

I recommend that you start a thread in the Security Forum to make sure that the

system is thoroughly cleaned. Just follow the steps on the following link.

http://www.techsupportforum.com/secu...oval-help.html

Once the steps are completed post the requested logs and an expert will examine them

and walk you through steps to ensure that the system is clean. Please be patient as it

is a busy forum.

RELEVANCY SCORE 45.2

Hello I have a dell inspiron e1405 laptop
i recently had some ad/spyware on my computer
i ran AVG, adaware, and Superantispyware to quarantine and remove said spyware

now when i start up my computer i get two errors
and when i shut down my computer an end program for rundll.exe (i can't remember if it is rundll32 or rundll)


the two errors that occur say this

Error 1:

Error loading c:\windows\system32\jivavadu.dll
The specified module could not be found.


Error 2:

Error loading c:\windows\system32\hejubijo.dll
The specified module could not be found.




i tried deleting the registry file for this thing, but i have no wild tangent folder under the run folder. hklocal machine ---> (skipping some stuff) --> windows --> currentversion --> run --> no wild tangent folder



I've also run regclean on the computer to try and fix the errors



Thanks for any help






DDS TEXT:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Keegan at 18:37:14.15 on Sun 04/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.423 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall Plus *disabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs...

A:Rundll error from deleted spyware (Ran multiple cleaning programs)

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

It seems there are remnants of McAfee on the machine.


Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to rebo...

RELEVANCY SCORE 45.2

Hello!

I have an acer travelmate running windows xp, with zonealarm (previously free, today upgraded to pro). I hadn't an antivirus (shall install norton that came with the laptop today).

My problem right now is that windows installer turns up when I start most applications, especially IExplorer, office programs. It then asks me for the microsoft office installation CD (which is at my ex's, so out of reach.)

I believe that this happened after I made some registry changes based on the Hijackthis log.

Specifically, I seem to recall that there was a registry entry in orange on the HJT autoanalyser that was related to an msoffice component that started up when I started up my computer. Orange was doubtful, and I thought this would save memory, as I don't use msoffice much. So I deleted the entry from the registry.

Since then I keep getting this "windows is preparing to install" dialog with startup and when starting other appliances.

I had a few problems with spyware recently, which prompted the downloading of HJT, Spybot, Spyware blaster, zonealarm, and my recent update to zonealarm pro, digging out the antivirus, etc.

I had a lot of spyware, including sysprotect. The computer is clean now, I think.

I also have a windows .net framework problem, and windowsupdate won't download the security patch , there is an error there that I haven't figured out yet (error code 0x641 ). (Other updates wouldn't install, until zone alarm pro figured... Read more

A:Windows Installer Error after editing registry / HJT Spyware cleaning

Read other 10 answers
RELEVANCY SCORE 44.8

I have been reading threads, and learned to do one or two things. Running Windows 98 , IE 6.0, NAV, Spybot, Adaware, Javacool Spyware Guard. My system started doing wacky things, started researching, have been able to get a handle on some things, but need guidance! I am unsure if all of these problems are related, so I put them all in this post:

One question, I have mdm.exe in c:\windows\system. This does not look right, but I don't know. I have found multiple spyware viruses on my system with spybot and adaware: rb32, ITC bar, tinybar, the list goes on. These (I think) are cleared up, but my system still keeps trying to access the dialup connection on its own.

Installed NAV today, and it found a backdoor.jeemp (sp?) infection. I followed symantec's instructions to clear this up (I think). My question (#2) is what the h*** else may be on here that isn't showing up on scans?

Each new step seems to be uncovering more problems. Any benevolent assistance will be greatly appreciated. Here is a hijack this log, any other info needed will be provided if requested:

Logfile of HijackThis v1.97.3
Scan saved at 1:30:05 AM, on 11/6/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WIND... Read more

A:Need expert advice with cleaning up machine after multiple spyware, virus infections

Read other 9 answers
RELEVANCY SCORE 44.8


A:Windows Installer / msoffice Error after editing registry / HJT Spyware cleaning

Closing duplicate post, please continue here: http://forums.techguy.org/security/481418-windows-installer-error-after-editing.html
 

Read other 1 answers
RELEVANCY SCORE 40.4

Hi,

My girlfriend has cut me off until I get her desktop computer up and going again! Since it went down, she won't go down. For the sake of men everywhere, could someone please assist me in cleaning this thing up?

Thanks in advance!

She is running XP Home with SP2 and the HJT log is listed below:

Logfile of HijackThis v1.99.1
Scan saved at 9:21:58 AM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicone... Read more

A:Really late spring cleaning or early fall cleaning?

The Hijack This log is hard to read.
Please rescan with Hijack This.
When the log opens in Notepad, go to Format and select Wordwrap.
Then copy and paste the log here.
 

Read other 1 answers
RELEVANCY SCORE 40.4

Source
I totally agree with the below text in bold...




The more effective solution: clean, backup and then “nuke and pave”

Lego patching up a brick wall (image: pixabay.com)

To make this very clear, as there are still loads of misconceptions about it all over the internet:

A once-infected computer can’t be trusted anymore.

After cleaning and making backups of your data, you always have to wipe and reload your entire operating system from scratch. We fully understand that many IT people will moan about that idea and argue, “but it takes sooo long to do that, and who’s going to pay for it?” or maybe, “there is necessary old software on that PC that can’t be found/installed anymore”. But honestly, if you really want to clean a system well, it always takes a long time. Furthermore, if the software is truly so old that you can’t find it anymore, isn’t it probably time to replace it with something more modern anyway?


----------------------------------------------------------------------------------------------------------------




Another strange pop-up or unexpected crash, and it’s time to take your computer back to the shop, right?

But what if you could avoid losing precious data and time spent with your computer? What if this whole cleaning step could be eliminated entirely?

This is why protection is a pivotal topic in the antivirus industry. Cleaning and protecting seem like two methods that aim for the ... Read more

A:Cleaning vs. Protection – Why you shouldn’t rely on malware cleaning

As with most things in life prevention is better than the cure.
 

Read other 32 answers
RELEVANCY SCORE 40.4

Hello,

Could someone please help me clean up what has become a very slow computer? I must have too many programmes automatically starting up and running because it now takes an age to boot up and when it finally does windows take an age to load and the internet seems to run very slowly. I don't think it is a memory issue because I have over 50GB of free space. Another issue is that Internet explorer often crashes and closes all open windows with an error message.

I am posting a Hijackthis log so you can see what's running. I only really use the internet, itunes and manage photos etc. so I think there is a lot of superfluous activity which I'd love to get rid of...

Logfile of HijackThis v1.99.1
Scan saved at 18:44:29, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program F... Read more

A:Help with cleaning slow computer and cleaning out unwanted programmes

Have I posted this in the correct forum? Can anyone offer any help?
 

Read other 3 answers
RELEVANCY SCORE 39.6

hey guys. I have peerguardian 2 and every time i start my computer someone called offeroptimizer.com/static.callinghome.biz[spy], st. also i was looking with spysweeper at my items that startup with windows and i noticed there is something called ShowWnd.exe and i googled it and some things said it was malicious and some said it was not. Maybe you could help me out. Here's my Hijackthis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:20:18 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files... Read more

A:HJT-Leftover

Welcome leftover to Bleeping Computer.

* Restart the computer.
* as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item
* press Enter.

***

We need to make sure all hidden files are showing so please:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

Click on Fix Checked when finished and exit HijackThis.

***

Open Windows Explorer. Find and delete this file:

C:\Windows\System32\ShowWnd.exe

***

Reboot the computer to normal mode.

Please post back in this topic with a fresh log using HijackThis.

Read other 16 answers
RELEVANCY SCORE 39.2

Hi I need help getting rid of some trojan/malware remains. Malwarebytes and tdsskiller don't find anything but I am still getting internet explorer redirects, windows firewall turned off & will not turn on and need help because it looks like I may have a rootkit hiding somewhere. I have included my dds files. Also avast is showing a lot of "malicious URL blocked" messages and the process is C:\Windows\System32\ping.exe. I have ESAT, MBAM, SAS & HiJackThis logs. I have combofix, aswMBR & minitoolbox dl'd & ready to run but don't want to use them without your direction. I have windows 7 32 Thanks!

A:Win7Antispyware leftover fix

Update......running eset fixed the redirects but I wonder if I still have the rootkit. Eset said I had a variant of the Win32/Sirefef.DN trojan.

Read other 19 answers
RELEVANCY SCORE 39.2

thank you for helping me,

Here is where we were working on Internet Explorer issues before I was told there was leftover malware items> http://forums.techguy.org/windows-xp/949714-internet-explorer-problem.html#post7597460

i ran the uninstaller then did the hijack this scan again.
i didn't see the two items you said i should check mark on the list.. so i looked back at the first log and they are listed, but now after the uninstall they are gone. because im not sure what to do, i didn't do the Norton uninstaller part yet.. this is the latest file after the uninstall.

i also noticed that when i would open any file the Search Settings v1.2.3 tried to open every time, and i had to hit the cancel button several times to close it. now that I've done the uninstall, it no longer does this. im guessing they are related somehow and i hope that this new information doesn't come too late..
thank you again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:46, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\... Read more

A:Leftover infection

Search Settings seems to be gone alright.

As for Norton, it should be removed since you should never run more than one antivirus software at the time. They will work one against the other (Avira and Norton), cause your system to be slow and even freeze. Your computer will be even more vulnerable.

Your log is showing traces of past or present infection. After we're done here, we'll need to get you transferred to the Virus & Other Malware Removal forum.
 

Read other 1 answers
RELEVANCY SCORE 39.2

Hi, i removed a security program, and i now find that i have leftover files, i went into task manager found file location, but when i try to delete them, a popup says i need permission. i am the only user on the pc and also administrator how do i obtain permission or is there another way to delete. i have vista premium 32-bit...thanks

A:Get rid of leftover files

Hi patch41, Take ownership of that file and then delete it.

Read other 5 answers
RELEVANCY SCORE 39.2

After finally getting the Windows 10 Anniversary Update to install, as expected, I had a Windows.old file. Following instructions posted here and elsewhere, I used Disc Cleanup to remove most of that file.

There are still two folders remaining in Windows.old from System32, one in Drivers (IntcDaud.sys) and one in DriverStore (intcdaud.info.amd64xxxxx.) When I go directly to System32, both drivers appear in the same folders where they show in Windows.old. Disc Cleanup no longer even recognizes Windows.old, so I cannot run it again to remove what appear to me to be extraneous entries.

Can I safely use Unlocker to try to remove the remaining Windows.old file, which likely would only work after a reboot? If not, is there some other method, short of using the Jaws of Life or a ten-pound sledge hammer to remove the leftover Windows.old file?

A:Windows.old leftover

Hello Not Myself,

Unlocker should work for you. If you like, OPTION THREE below should work as well.

Windows.old Folder - Delete in Windows 10

Read other answers
RELEVANCY SCORE 39.2

Can anyone tell me if there is such a programme that can detect leftover programmes on the pc. By that I mean, when you have installed a programme and then decide you don't want it, you delete it from the add/remove control but it always seems to leave some file behind.

Is there anything that would clean all those files up? Hope I am making sense.

Thanks
 

A:Leftover files?

Read other 14 answers
RELEVANCY SCORE 39.2

I got some kind of malware last week. I kept getting tons of pop-ups, which never bothered me before, and other things. One of those fake anti-spyware sites that took over my computer till I shut it down, etc.

So in the past week I have done the following:

I ran Stinger, Ad-Aware, Malicious Removal Tool, CC Cleaner, Housecall, HS Remove, cwshredder, Kill2Me, all of which found nothing, and did a System Restore which had no effect.

Then I ran Malwarebytes and Stopzilla both of which found some Trojans, Malwares, Ad cookies etc and deleted them. (No worms that I could see.)

Since then I still have the following problems:

When I load Firefox - before the page loads in the upper left hand corner I get the following box:

"Java Application Type Error: spElement is null." (A search of "spElement is null" on Google turns up nothing.)

When I click OK, the message box disappears and Firefox loads. Sometimes a few different pages load, Ask.Com, My * 10.Com, etc. A couple pages sometime try to load but there is a message box that says the locations couldn't be found. I click off those pages, I seem to be able to use Firefox without any further problems.

If I try and load Internet Explorer, a bunch of pages try to load, all with the same internet address with numbers, letters, and symbols that I have never seen before (not a foreign language, but symbols which aren't on my keyboard, letters, etc) Luckily for each page that tries to loa... Read more

A:A few leftover's that I can't seem to shake??

I would do the following..... Use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware. Here are some DL links for the Rkill.... LINK 1, LINK 2, LINK 3, LINK 4

Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.

After running Rkill update and run MBAM. Next I would install ATF Cleaner check the box for select all and then run it. Finally, I would run SUPERAntiSpyware. If you have more than one username then you will need to scan each user account separately with this.

Read other 1 answers