
Help with Multiple Virus/Spyware Problems

Q: Help with Multiple Virus/Spyware Problems

Hi there,

My computer has many issues right now. First, when I start up the computer, the screen is blue and then it goes black and mentions something about Windows Security Center. I googled this and it said this was something with Windows SP2 and to open Control Panel, but Control Panel is missing on my computer. A window pops up and says vedxg6ame4.exe has encountered a problem and must close, and then another window comes up saying that c:/winsows/shell.exe is missing. Also something was mentioned about kernel32.dll. I tried to change the background from black to a picture and the computer won't let me. Please help, Norton can't fix this! Thanks


A: Help with Multiple Virus/Spyware Problems

RELEVANCY SCORE 59.2

Hello,

my computer has been running like a total clunker lately. I have gone through all the steps listed in the instructions post. The online virus scan at trend micro found multiple trojans, spyware, malware and etc that adaware and my own virus detection program have been missing. About a week ago some spyware was on my computer and now I have a messed up registry value from it being deleted. So every time I restart my computer I get a message saying winlogon.exe or something like that could not be found.

I would love it if once I get my computer running back to normal you could suggest a decent firewall or something to help prevent these things from sneaking their way onto my system in the first place.

Thanks a bunch for all of your help. My HJT log is just below
-Zelda ;)

-------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:28:05 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program File...

A: HJT Log - Multiple Trojans, malware, spyware, messed up registry values -sigh-

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you d...

RELEVANCY SCORE 57.6

I just added my wife as a second "log on" user on our XP system. The problem is that changes that are made to her Explorer (mostly on the favorites list) are transferring over to the other user's Explorer (mine). Her favorites change when I change my favorites list and vice versa... Is this supposed to happen?
 

A: Multiple user problems

Did you make a user account with her own icon and password?
 

RELEVANCY SCORE 57.2

Hello, sadly I am back with a real nasty situation. Laptop has SW protector displayed on it and won't let me go anywhere, not even in safe mode. I did get safe mode with command prompt to work and went to regedit current user to try to find the file delete disabled manager, but couldn't find the file in the path I was told to. I can't run Malwarebytes or anything right now as I don't know how to get to the program. Also, when I do the ctrl alt del thing it says task mgr disabled. When I logged into safe mode with c prompt, unless it was admin, I got errors of not being able to run regedit. The CD-ROM is not working either. OS is XP Home; SP3 I believe has been loaded on as well. Any help on this would be greatly appreciated. Thank you in advance, serenity

A: multiple virus trojans - can't go anywhere

Hi, serenity_Ash

If you still need some help, we can give it a try. You will need a flash drive to move information from the sick computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use Notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First
Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.

* When downloaded double click and this will then open ISOBurner to burn the file to CD
* Boot the Non working computer using the boot CD you just created.
* In order to do so, the computer must be set to boot from the CD first
* Note : For information click here
* Your system should now display a REATOGO-X-PE desktop.
* Double-click on the OTLPE icon.
* When asked "Do you wish to load the remote registry", select Yes
* When asked "Do you wish to load remote user profile(s) for scanning", select Yes
* Ensure the box "Automatically Load All Remaining Users" is checked and press OK
* OTL should now start. Change the following settings
* Change Drivers to All
* Change Standard Registry to All
* Under the Custom Scan box paste this in

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.s...

RELEVANCY SCORE 54

Hi,
I know this is probably an easy question, but I've searched repeatedly on the web and I can't find advice there or in the forums because I'm missing some kind of terminology.

I want to be able to highlight multiple words in Excel and see the home toolbar open every time I open a spreadsheet.
Longer explanation:
I'm using Microsoft Vista 2007 with Excel 2010. I use Excel to make quite a few spread sheets to study for school, and I often have to selectively highlight multiple certain words by hitting ctrl and holding ctrl while highlighting the words. Next I would underline all of the highlighted words. About a month ago it was working fine.
Suddenly out of the blue whenever I try to highlight multiple words by holding ctrl in Excel it won't work. Also, previously when working in Excel 2010 the top menu bar would stay on the home toolbar with all the options listed, meaning I could keep tinkering with the font uninterrupted. Now after underlining just one word at a time the toolbar keeps disappearing with the File tab highlighted green, and I have to keep clicking back to the home tab, then click underline. Have to repeat highlighting each individual word, clicking home tab, and then underlining. Ugh!
I would love to hear some advice before I tear my hair out in frustration.
 

A: Solved: Excel 2010 unable highlight multiple words & toolbar problems

RELEVANCY SCORE 52

Ok. When I turned the computer on today I saw a flashing icon in the system tray saying "Virus Alert!". When I click the popup it opens up Spyware Quake and does a scan. I closed it as soon as it popped up.

I googled "Spyware Quake" and found out that it was a spyware that tricks people into buying their products. So I googled how to remove it and found to use Spyware Doctor, which did get rid of the pop up in the system tray.

But my computer still has spyware around ever since I got that Spyware Quake problem. I get pop ups when I use Internet Explorer telling me that my computer may be infected and I need to download that program to remove it (WinAntiVirus PRO was one of them I think).

I also have Norton Antivirus 2006 and I get messages for it saying I've got "Trojan.Nebular" and that it can't be repaired and access to it is denied. I do run Ad-aware and Spybot S&D regularly along with my Norton scan.

Could anyone help me with this?
 

A: Solved: Spyware virus problems - Spyware Quake

RELEVANCY SCORE 52

I just went through an extremely long and time consuming process of getting my computer operational again. I was infected by malicious programs while running various anti-spyware programs like Spyware Doctor, and Spyware Search & Destroy. I have since then installed even more programs like Ad-Aware and Malwarebytes. Each one has been able to remove spyware or programs the others could not. Anyway at some point my antispyware programs failed me and I got infected. I also had Norton at some point but that was useless as well.

Anyway the problem that worries me right now is that most of my anti-spyware can not update. Only Ad-Aware seems to have updated. The rest are getting blocked by something or they say that I do not have an internet connection yet here I am typing away. When I do searches for spyware or viruses the links I click on give me a page cannot be found error. It is like I have a censor on. I managed to download AVAST but I can not install it as it needs to download some files and it is being stopped by something.

During startup I get a memory can not be read error on HDThemeEnabler. Other programs like Realtek Audio have to be terminated when I first see the desktop appear. One program that seems critical called services.exe has to be terminated with status code 1073741819.

Also whenever I remove the spyware on my computer and every single spyware program comes up clean I will get spyware getting downloaded or turning on during startup. When I open ta...

A: Problems with spyware and can not update virus/spyware programs.

Hello and welcome to TSF.

Please read the instructions very carefully and carry them out exactly as they are presented.

Download Combofix from here and save it to your desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts. Combofix will try to update. It's very important that you do NOT allow it to update. Please click on No if it requests an update.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

# Your deskt...

RELEVANCY SCORE 47.2

I have been having problems with my computer, I have a graphic on my desktop that says "Warning! Spyware detected on you computer!" and I can no longer get to settings to change my background. I have run Spybot and I am using Trend for my active virus detection. Here is a copy of my HiJack Log. Please advise which actions I should take next.

Thank You, Henry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:13 PM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTun...

RELEVANCY SCORE 47.2

Ok here's the thing, I believe I'm infected with a virus or maybe spyware. I'm not sure because I don't know a whole lot about computers, but here's what's happened. Some ad-like things started popping up a few days ago and I knew that it was spyware or something so I went and bought some anti-virus protection. When I restarted my computer to install it, before loading the desktop a fake anti-virus type thing popped up saying I was unprotected and whatnot. If I try to cancel it out it tells me it isn't allowed, if I press ctrl+alt+delete the task manager button isn't there, and if I press ctrl+shift+esc the task manager won't appear. So I have no desktop and no way to make this program install on my computer. I tried installing it while in safe mode but it fails. What should I do exactly? I would like to try to just get rid of it with the program if possible because I have pictures and such that I would like to keep. Anyone, please let me know what to do. Currently I am accessing the net from Safe Mode with Networking support. Please help ASAP. Thanks

A: Virus, maybe spyware problems

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 47.2

Hi all,
I have discovered some kind of problem with my machine, which is running Win XP Professional Service Pack 2. It has taken away my AVG Free and it won't let me run Spybot S&D. I also cannot reboot in safe mode. I have done a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:06, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\btbb_wcm\McciTray...

A: virus/spyware problems

You probably have something on your system. Unfortunately we cannot help with malware removal in the XP section. Please click on the 5 Steps to Remove Spyware link in my signature below, follow the steps, and then post your log in the HijackThis Forum Section as directed by the 5 Steps.

The TSF malware removal team will look at your log once it is in the appropriate section.

BMR777

RELEVANCY SCORE 47.2

Hi,

Well here is my problem. My antivirus software (avast) detects 2 viruses. The first is called Hrum# and has what looks like a randomly generated number after it every time it is detected. The antivirus software can delete it, but a few seconds later it will just reappear with a different number. I have tried deleting it myself but again it just reappears a few seconds after. The second one seems to have named itself printer.exe. This virus really slows down my computer, as a few minutes after I boot up my computer I get a yellow triangle that tells me I have a spyware infection. It also gives me popups telling me to go and download WinAntivirus 2007, which doesn't seem to take 'No' for an answer and carries on popping up every few minutes. Also I can't access my Control Panel even in safe mode or delete printer.exe by hand.

Can you guys help?

A: Virus/spyware Problems

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

RELEVANCY SCORE 47.2

Hi there, I've been having problems with my computer on and off for quite some time. My Firefox as well as my IE both log in ok then immediately start going slow and sometimes freeze up. I also noticed more recently when going to Google and doing a search I try to click on a link that sometimes redirects me to a page that says it's an attack page with a red background. No options to ignore it. My games, for example Yoville, go extremely slow on my computer but another computer beside me attached to the same modem goes extremely well.

I've attached the logs and scans you've asked me to run.

Here's my DDS post:

DDS (Ver_09-12-01.01) - NTFSx86
Run by kevin at 9:57:57.92 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1353 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Spyware Cease\SpywareCease.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Pro...

A: Virus and or spyware problems.

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
To disable Avira Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background, right click it -> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done

Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

==================================

RELEVANCY SCORE 47.2

I hope this thread can help me. I have spent this day doing all five steps, so here are my problems. First off I have been having problems with a very slow computer and it should not be slow. I figured it was spyware so I downloaded AVG and ran it. (I have freedom security systems through Sympatico but I don't think it catches much.) When I ran it, it found a lot of problems and got rid of most, but it had changed a few things too.

This was only the start of the problems. I am always getting windows popping open with sites I don't want, i.e. brodcaster, adult friend finder, jack9 and so many more. When I type, letters and sometimes whole words are missed (I thought it was my keyboard but I bought another one and it still is doing the same thing). My Ad-Aware scan cannot delete a spyware, abetear I believe it's called (next time it comes up I will get the correct spelling). This is my last resort; nothing that I have done gets rid of the problems. I have even tried System Restore and it will not let me restore to any restore point. Even the one program that I downloaded today for step 3 will not run, and I tried deleting it and downloading it again in case something didn't download right. I get this message:
---------------------------
Error
---------------------------
Cannot find import; DLL may be missing, corrupt, or wrong version
File "MSVBVM60.DLL", error 126
---------------------------
OK
---------------------------
If you cannot help me I will have to wipe it and ...

A: spyware, virus problems

Hi emmum,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.

I notice that you are using more than one anti-virus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you either:
* Configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time; or
* Go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one anti-virus program.


NEXT:

Please download HostsXpert by funkytoad and save it to your desktop:
* Extract the zip file (right-click the file and select "Extract All") to your desktop or a permanent folder on your hard drive.
* Open the folder and double-click on HostsXpert.exe.
* Make sure that the "Make Writable?" button in the upper left corner is enabled. By default the button should be showing "Make ReadOnly?" (if it is, leave it alone).
* Click "Backup / Restore" and select "Create Backup".
* Click "Restore MS Hosts File".
* Click "OK" and exit the program.


NEXT:

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processo...

RELEVANCY SCORE 47.2

I was called in to clean up this machine. But so far it has been taking me to the cleaners.
According to Ad-Aware, Spybot S&D and MS AntiSpyware the system is clean now. Norton AV 2002 and AVG 7 are coming up clean now also. But there are still some questionable things in the HJT log. The most frustrating part of this is that something is disabling the NICs. After the massive clean up mentioned above the NIC now is not recognized by Windows XP. Actually it is recognized but it will not load the drivers. It shows up in the Device Manager under the "Unknown" category, with the following Device Status:
This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

It is a RealTek RTL8139/810 integrated NIC. I've also installed a USB NIC, but got the same results.
All scans were run with the latest updates to each software, except Spybot - it was run last, and after the NIC problem started.

Here is the latest HJT output
Logfile of HijackThis v1.99.1
Scan saved at 10:34:00 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\av...

A:Spyware and virus problems, and now the NIC

It looks to me as you have 2 virus programs running at the same time; you should only have one. I use AVG 7 free, it is not such a resource hog. I also use Panda free online scan once a week just to be safe. Website below.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
 

RELEVANCY SCORE 47.2

I created a HijackThis log and would appreciate it if someone could take a look at it. The spyware/virus that I have is a yellow triangle w/ an "!", in the system tray. The bubble that pops up says that I have the "[email protected]" trojan. I also get IE popups every couple minutes. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 9:37:51 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Del...

A:Spyware/Virus Problems

RELEVANCY SCORE 47.2

Hi, hope you can help! I am getting persistent pop ups and Panda scan said I have a virus. Could someone please guide me through how to remove them.

If you could also recommend what products to use to clean up a very messy registry and protect the laptop in future, thank you in advance.

I have followed the first 5 steps (apologies if I still get it wrong)! Here are the results.

Deckard's System Scanner v20071014.68
Run by Carol on 2008-01-20 00:07:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2008-01-20 00:07:57 UTC - RP226 - Deckard's System Scanner Restore Point
58: 2008-01-19 23:03:02 UTC - RP225 - System Checkpoint
57: 2008-01-17 10:39:31 UTC - RP224 - Software Distribution Service 3.0
56: 2008-01-16 02:52:44 UTC - RP223 - System Checkpoint
55: 2008-01-15 01:47:42 UTC - RP222 - System Checkpoint


-- First Restore Point --
1: 2007-10-20 18:59:55 UTC - RP168 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Carol.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:20, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode...

A:Spyware problems and possible virus

Bump.

RELEVANCY SCORE 47.2

I have recently gotten some sort of spyware on my computer that, despite my best efforts, I cannot completely remove. I keep getting an icon on my desktop that says "Best Online Casino," which I believe to be caused by the file telnetxp.exe. I also get popups telling me that my computer may be infected, which are caused by taskmgn.exe and taskngr.exe. Also, 8 links keep reappearing in my "Favorites" that link to www.thebestsearch.net and easysearch.cc. I run Windows XP Pro and have all the updates. I also have updated and run Norton Antivirus Pro 2004, Ad-Aware 6, Spybot Search & Destroy, and Spyware Blaster. I will post my HijackThis log below. Thanks in advance for checking it out for me.
Logfile of HijackThis v1.97.7
Scan saved at 12:56:14 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Audio\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Audio\iTunes\iTunesHelper.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
...

RELEVANCY SCORE 47.2

Ok this was my original topic.

Hi,

Well here is my problem. My antivirus software (avast) detects 2 viruses. The first is called Hrum# and has what looks like a randomly generated number after it every time it is detected. The antivirus software can delete it, but a few seconds later it will just reappear with a different number. I have tried deleting it myself but again it just reappears a few seconds after. The second one seems to have named itself printer.exe. This virus really slows down my computer, as a few minutes after I boot up my computer I get a yellow triangle that tells me I have a spyware infection. It also gives me popups telling me to go and download WinAntivirus 2007, which doesn't seem to take 'No' for an answer and carries on popping up every few minutes. Also I can't access my Control Panel even in safe mode or delete printer.exe by hand.

Can you guys help?

and the reply

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I did all this a...

A:Virus/spyware Problems

Hello MVaugh,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Please download SmitfraudFix

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes"...

RELEVANCY SCORE 47.2

Hi

I am having serious problems with my computer. It is running XP with Service Pack 2 recently installed. I have had a number of viruses and spyware, but was able to deal with most of them with AVG7, Ad-Aware SE, Microsoft Antispyware and Spybot. The Firewall is also enabled.

Now, a few seconds after I boot up and Windows starts I get a message that "Microsoft Antispyware has blocked C:/Windows/System32/swwhost.exe from being installed". (I have tried unblocking this in Microsoft Antispyware but every time I reboot it happens again).

Whenever I get onto the internet (with Internet Explorer), everything is OK for a few minutes then I get a message from AVG7 to say that "a virus has been detected giving the location as C:/Windows/System32/Setup.exe". It refuses to be healed or to be placed in the vault. Then each page I try to access on the internet cannot be displayed. A minute or so after this I get the message that "Microsoft Antispyware has blocked C: Windows/System32/myson.bat"

As you can imagine, it was nearly impossible for me to get to the page where I can download HijackThis. I eventually managed to download it. This is my HijackThis Log:

Logfile of HijackThis v1.99.0
Scan saved at 16:50:59, on 19/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\sys...

A:Virus/SPyware problems: Can anyone help?

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Messenger Service] msnmsg32.exe
O4 - HKLM\..\Run: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\Run: [Windows Media Player] msams.exe
O4 - HKLM\..\RunServices: [Messenger Service] msnmsg32.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msams.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Windows Media Player] msams.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows\system32\win32x.exe
c:\wi...

RELEVANCY SCORE 47.2

Problems:
Stalls on restart, must force shut down to reboot
Google/Yahoo searches are redirected to spam websites
Popups notifying I have a virus on my computer, telling me to get their software
Cannot open malwarebytes to scan computer

DDS Log:

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Administrator at 20:03:47.29 on Fri 05/22/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1.#QNAN.1697 [GMT -5:00]

FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {D8EAE8BD-5D15-4D72-9D75-F3270B80F3D8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\administrator.PIKE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070419
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.goog...

A:Spyware/Virus problems! Help!

I'm sorry, I forgot to also post a hijackthis log.

Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:27 PM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server&...

RELEVANCY SCORE 47.2

Hello everyone. I was recently infected with a bad trojan TDSSERV as well as Eacceleration and Mywebsearch. I seem to have gotten rid of the viruses themselves but pieces still remain. The startup items are still here and every time I delete them they get re-added immediately, although when they run at startup they get errors because I've removed the files and they can't actually run. I've used Spybot SnD, SDFix, Combofix, CCleaner, and many others. Here is my HJT log file including startup items and uninstall list. Thank you in advance for your assistance. Also I just noticed that when I tried to defrag, a lot of files that are invisible to me otherwise were in the list of fragmented files. Eacceleration(any number1-99).zip was something I saw a lot of. I have yet to find a way to see these and delete them myself.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:11 PM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\sys...

RELEVANCY SCORE 47.2

Hi

Not sure if I'm posting this on the right forum but here goes...

Built a new PC a few weeks ago, brand new hard drive, installed Norton Internet Security 2007 and updated straight away then updated Windows XP Home. About 1 week later I start getting popups and the Windows pop up feature is on but on the odd occasion it switches itself to off!

Every time the PC is started in Windows Internet Options the privacy slider is right to the bottom and it's allowing all cookies on the PC. I switch this to medium, press apply then close but when the PC is started again it's back to the bottom.

Trojan Vundo is one of the items Norton picks up, cleans etc., says it's got rid of and when the PC is started again it's back. It always says it's been fully removed but it isn't. I've used Spybot and CCleaner and they pick things up, get rid, then the PC is restarted and they are all back again.

I think I may have to reformat but would like to know what is is first and if there is any way to cure it, thanks

susan
 

A:Virus or spyware problems!

RELEVANCY SCORE 47.2

Hi, a couple of days ago I realised quite a lot of ads kept popping up while I was surfing the internet so I decided to download Spybot S&D - a trustworthy anti-spyware. Unfortunately I got a fake version which managed to put even more spyware on my computer. I occasionally got a high alert threat from Norton about a file called "Downloader" which it couldn't fix. That put me into action and firstly I tried a system restore which didn't work as all the restore points were made when Norton Anti-virus was on which meant that the restoration was incomplete. So I got back on the internet and this time managed to get the real version of Spybot S&D, which I ran and it deleted some of my spyware. After that I ran Norton AV which came up with some spyware threats and maybe a virus, I can't remember. Anyway the files it failed to delete I deleted manually. The computer seemed to work fine after that but once every 45 mins while I was surfing on the net an ad would pop up saying "ads served by superiorads" in the blue bar at the top. Also a folder called "superiorads.biz" would always appear in my history folder; on clicking it, it would show a file called Error and on clicking it a page would open, "Error - Ads need to be loaded from adcode, if you keep getting this error contact your account rep". So I downloaded HijackThis and today managed to delete some of the superior ads files from my computer, I will add the latest log at...

A:Spyware and virus problems

RELEVANCY SCORE 47.2

Hi there

I have had various problems over the last few weeks which originated with the identification of Vundo Trojan on my SBS 2003 system.

Following various scans, system state restores and lots of downtime on the network I now have the server in a "stable" condition, however there is definitely something still on there. The McAfee On-Access scan has identified Tool-Nmap through both Ad-Aware.exe and beremote.exe on the system in the last few days and successfully moved to the quarantine folder.

However the fact that the system still seems to be having these issues flagged and the constant traffic indicated over the WAN and LAN as well as the very slow internet speeds indicates a problem still exists.

I have attached the extra.txt as requested and pasted the main.txt below. Any help would be much appreciated!

Cheers
Ian

Deckard's System Scanner v20070423.42
Run by iwilkinson on 2007-04-26 at 11:00:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as iwilkinson.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:03:50, on 26/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

RELEVANCY SCORE 47.2

My laptop is infected with numerous spyware and viruses. I've run virus scan, ad-aware, and ewido but it does not help. This is my hijack log, can someone help please.

Logfile of HijackThis v1.99.1
Scan saved at 11:51:19 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Synaptics...

A:Virus & Spyware problems

RELEVANCY SCORE 47.2

I think that I may have some serious spyware or virus problems. Will someone please help me?
Here's my hijack this file.

Logfile of HijackThis v1.99.1
Scan saved at 10:56:01 PM, on 7/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\nmvcrk.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINPENJR\win32\pphidpad.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\CTsvcCDA.exe...

A:please help me (virus/spyware problems)

RELEVANCY SCORE 47.2

Hello, I'd like to first say thanks for any help I may receive.

My problems come in a plethora of types. First I have constant popups as well as attempts by malicious code to execute while using a browser. I have used ad-aware and spybot in safe mode and they were able to remove everything they could find except a registry key. I tried to go into regedit but it said I couldn't delete it due to it currently being used by some system process. When I restarted my computer it's as if most of the problems weren't fixed at all, and it seems the malware is propagating again. Also I had to run ad-aware and spybot in safe mode because my computer restarted if I did not.

I examined the 5 steps in the sticky. I have removed many spyware programs, none of which on your list, I run XP SP2, and attempted to use Panda software antivirus as you instructed. I installed the active X and ran the scan twice, both times my internet explorer crashed. I'm not sure if this was due to the problems I am having or something I did. However Panda did come up with lots of results in the time it ran before crashing.

If there is any other information you need let me know. I think I attached the extra file correctly if not let me know...

Here is the hijackthis logfile:

Deckard's System Scanner v20070711.54
Run by Derek Pope on 2007-07-18 at 21:10:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore ----...

A:Various Spyware/Virus Problems

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

RELEVANCY SCORE 47.2

Hi, just recently I think I installed a bad exe file. Ever since I have a message popping up saying these exact words: your computer was infected by an unknown trojan. its dangerous for your system (critical files and be lost) click ok to download the antispyware program to clean your system (reccomended).

This is obviously not a legit message so I have just closed it when it pops up (and it happens all the time). Also, every time I use Google through Internet Explorer it has a message saying something along the lines of your browser has been hijacked, and whenever I try to open pages through Google through Internet Explorer it goes to porn sites.
Also before I posted this log I tried to run the Panda system scan, but it would not work, but I do have a hijack this log file.

this is the log file from hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:52 PM, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\G...

RELEVANCY SCORE 47.2

I'm running windows vista SP1 on a dell inspiron 1500-ish laptop.

What happened:
I tried logging on, and I could see the login part (where you type your password). When I would log in the screen would go black and I could move the mouse around, but I couldn't see anything. There was no login music.

So, I went into the bios and turned on load factory defaults. Now I've gotten on, but several things are wrong:
-I can't use spybot s&d...I'll open it up from the start menu and then see the little icon down the bottom right launch tray. I can't get the window open from there.
-I can 'launch' the task manager in a similar fashion, but from the bottom right icon tray I can't actually maximize it.
-Every now and then my computer pauses for a couple seconds
-Down on my lower toolbar (like where is says all the programs you're running) something will open and close really fast. I can't see what it is.
-I tried downloading and installing adaware, but it can't install. It's stuck at the "this program is being configured" part.

Here is the hijackthis log, if you need any other just let me know:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:00 AM, on 2/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OE...

RELEVANCY SCORE 47.2

Techguy & Others -

I have been struggling with a virus/spyware problem for the past several days. It seems I have picked up a bug somewhere whose main purpose is to download spyware. Norton has been unable to detect/clean the virus. McAfee recognized it, but offered little help. Panda Active was able to clean about 15 of 32 files that it detected were infected.

The computer starts up...runs very slow...unable to get msconfig or regedit to stay open long enough (unless I do the .com rename trick). Spy Blaster and Adaware will both detect and clean the problems, only to have them return in minutes. Each virus detector has called the virus something different...I have seen the names:

trojan.chost
backdoor.sdbot
bloodhound.packet
w32.sdbot.worm
and something with the word download in it.

Below is my hijack this log...let me know if you have any ideas, and thanks in advance for your time and effort!

David
Logfile of HijackThis v1.97.7
Scan saved at 10:42:14 PM, on 8/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\MSNGUYEN.EXE
C:\Program Files\NavNT\def...

A:Virus / Spyware Problems

RELEVANCY SCORE 47.2

Here are my logs of DSS.exe I copied from the main.txt file as instructed by a tech here. Please take a look, thanks.


Deckard's System Scanner v20071014.68
Run by turab on 2007-10-28 1550
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2007-10-28 1954 UTC - RP83 - Deckard's System Scanner Restore Point
76: 2007-10-28 05:19:25 UTC - RP82 - Installed ACDSee 9 Photo Manager
75: 2007-10-28 05:17:04 UTC - RP81 - Removed ACDSee 9 Photo Manager
74: 2007-10-27 04:20:48 UTC - RP80 - System Checkpoint
73: 2007-10-26 03:15:44 UTC - RP79 - System Checkpoint


-- First Restore Point --
1: 2007-08-17 22:55:42 UTC - RP7 - Installed HPSU306Stub


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-28 15:08:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Spyware, Virus problems.

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cl...

RELEVANCY SCORE 46.8

My husband was on a site yesterday for a radio station and clicked a link to look at some "enticing" thing he saw in their site. Now we have some radio station that plays over the top of the internet and we can't stop it (can't even see it) and my computer is screaming about security threats. It tried to download some spyware guard 2008 but I didn't let it.

I need major help before I turn to just killing my dear husband, please....

we have Vista...not sure what else I can tell you to start. Here is my log. We've run our McAfee scan several times and it keeps finding the same thing and removing it "fakealert-BR (trojan), fakealert-BR (trojan)". The first time it found & removed "fakealert-AB.dldr (trojan), fakealert-AB.dldr (trojan)" and that one hasn't come back.

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:44 AM, on 12/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Window...

A:major problems-virus/spyware/etc

bump...
 

RELEVANCY SCORE 46.8

I'm glad I found you guys!
I followed any of the steps I could of the 5 steps.

To start, when I boot up the computer I get a window
"suchost.exe has generated erros and will be closed by windows. You will need to restart the program. An error log has been created."
I have no idea what suchost is.

The next window that pops up is
"Error loading cwcprops.cpl. The specified module could not be found."

Before running Ad-Aware on my computer I was getting a black screen as the wallpaper with a fake Windows Security Message and Brave Sentry was on my computer. I also had an icon in the right hand tray saying that Windows Updates were detected and must be downloaded immediately. After running Ad-Aware I tried to change my desktop wallpaper and everything is grayed out and can not be selected except the pattern option. I've never had that happen!

So moving on from there with the 5 steps...
I removed the programs listed in Step 1 and in the spyware warrior. Brave Sentry was listed and I clicked remove but it is still coming up in my Start Menu.

Step 2 - I had already run Ad-Aware and when I tried to run the Panda Online Scan it immediately popped up the error message
"iexplore.exe has generated errors and will be closed by Windows"
This also closed the techsupport forum window and I could not open that back up in Internet Explorer without getting the above error for your site. So for now I'm using Mozilla.

Step 3 - I was able to ...

A:Multiple Spyware or Virus Problems!

BUMP

This is getting worse now. I can't open Internet Explorer without an error. When I try to open My Computer or Control Panel after I click on it my screen blinks and then it acts like I haven't tried to open them. I followed all the steps I could and I'm not sure what to do!

RELEVANCY SCORE 46.8

Hi there,

I wonder if you guys can help,

I seem to have a win32 worm virus on my computer along with a string of malware and spyware. I've tried removing them with things like spysweeper,
spybot search and destroy, ad aware se personal, bullguard anti virus, stinger virus scan.

I seem to be able to get it off but then after a restart it seems to come back.

I've disabled my system restore in an attempt to erase any traces from the restore files and have run the above programs many times but to no avail.

elitebar
win32 worm virus
coolwww
the above are just some of the problems that show up during scans

I have a hijackthis program v1.99.0.1 but I'm unsure as to what to delete.

Should I waste my time trying to clear it all, or should I use my XP disk to reformat my system?

If any of you guys have any suggestions, it would be most appreciated.

Thank you for your time

Stevie
 

A:Win32 virus & spyware problems

RELEVANCY SCORE 46.8

I have been working at this for the past 3 days searching various forums trying to disinfect my PC. I used the DSS tool as suggested, below are the files. Thanks for your help.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-19 19:42:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-19 23:42:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-19 19:45:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\WLTRYSVC...

RELEVANCY SCORE 46.8

Hi there. I have recently become massively infected with a bunch of spyware/virus issues. I have uncontrollable popups, including seemingly internal ones telling me of system performance monitor warnings, all sorts of trojan horse warnings, etc. (one tells me I have [email protected], another tells me of TrojanSPM/LX), and the popups are endless. Here is my most recent HijackThis report.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\U3lzdGVtIFVzZXI\command.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRISMSVR.EXE
C:\WINNT\system32\ishost.exe
C:\WINNT\system32\issearch.exe
C:\WINNT\system32\isnotify.exe
C:\WINNT\system32\ismini.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint ...

A: I have major virus/spyware/pop-up problems

RELEVANCY SCORE 46.8

Today my computer has turned on me! I was on the internet and suddenly everything moves in slow-mo...the mouse, the computer response, everything...so I immediately logged off the internet and restarted my computer...ran msconfig but didn't see a whole lot of new things (just updated AOL to 9.0). I have twice gotten this message...to the effect of (title) "we're sorry" then something about not having enough resources and to close some programs. This was while no major programs were up and running. This is for my old IBM computer, Aptiva E series 190. Yes, it is terribly old and DOES have low resources but we had everything wiped off except the most necessary stuff for browsing etc. I use Mozilla Firefox to browse, avast, Ad-Aware SE, Spybot S&D and just recently put in HijackThis (for y'all to PLEASE help me) and an unzip program from download.com...win.zip I think. I have Logitech QuickCam and Download Accelerator. I've not had any problems until today other than when I tried to use too much stuff at once, which was my own fault. But today I was doing my normal thing. Now the computer acts fine except it took an additional attempt to get online (dial-up)...but earlier when it displayed a message and took so long to do anything (even just to open a folder) there was this weird sound like open dead air...not from the modem part but out of my speaker...like I had recorded dead sound. PLEASE PLEASE help me..! Here's my hijack log:
Logfile of HijackThis v1.99.1
Scan saved...

RELEVANCY SCORE 46.8

I've had some pretty bad spyware attacks on my computer. I get pop ups all the time trying to get me to download some antivirus program that is actually related to the virus..

I did some pretty serious scans. I had a friend from xfire walk me through everything over a mic and we still didn't get it. He mentioned something about having Juan files in the regedt32 that were also associated with the virus. I've done countless scans in safe mode. I've used avast, AVG, cwshredder, some task manager scanner, Trend Micro Pc-cillin, Adaware se, Xoftspy se, and even a few more. People have recommended hijackthis to me but I never got it yet.

Anyways, there were a lot of infected files in my regedt32, and I deleted them...

Now when I start my computer, I have no taskbar, I can't search web pages or go online but I can talk via xfire and play online games. I'm posting from another computer right now.

I think that my system is too messed up to try to remove the virus, so I have decided to wipe my hard drive clean and start over. Will this allow my computer to be good as new with no virus remains?

I think that even if I did find the virus my computer wouldn't be as fast as it was, so I think that wiping the hard drive would be the best option. My computer is a little over 1 year old.
 

A: spyware and virus problems. vundo

RELEVANCY SCORE 46.8

Hello

This is my first post. I'm not too clever with computers and I have hit a problem.

Yesterday, I was searching recruitment websites for jobs and, having just submitted one application via Reed.co.uk, I noticed the name of the agency which would be dealing with my application (Ace Appointments, Northampton) and decided to look them up. So I copied their link and pasted it into Google.

For a moment, I saw the agency's page, but was then confronted with a picture of a naked woman (supposedly Emma Watson out of Harry Potter) on what looked something like a YouTube page layout. I clicked away from the page, but there was message about downloading Flash (the download was unsuccessful, apparently) and the page disappeared.

Shortly before, a friend has e-mailed me various links to tutorials and guidance on web development. Trying to access and download these, I began to notice problems with Internet Explorer, both with the files I was trying to download and with my usual Home Page (Google) and various Favourites. Each time I go to a web page, I get the Internet Explorer Message saying there is a problem and Internet is trying to close. I tried to send the Error Reports as invited, but the system just seems to go around in circles: back to the web page or tab, which tells me it's recovered, but quickly accompanied by the IE Error Report.

With the help of a friend who has used your site before and has recommended you to me, I have run a full scan of the comp...

A: Virus/Spyware causing IE8 problems

Hello and welcome. Appears you picked up a browser hijacker, let's look. It looks like a lot but it isn't.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as ...

RELEVANCY SCORE 46.8

Logfile of HijackThis v1.99.1
Scan saved at 11:35:40 PM, on 7/18/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\taskib.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\{D4968B53-0228-1033-0315-009807170001}\Update.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\explorer.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\SmVzc2ljYSBEZWdlbmhhcmR0\command.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
E:\hijackth...

A: Virus/Spyware problems - HiJackThis Log

I personally would remove the search bar ones.
But try removing them normally under the add and remove.
Then the web\related ones.
Those Dll ones are weird.
I would download CWShredder and run that. Run Spybot and Adaware.
 

RELEVANCY SCORE 46.8

Hello,
Thank you in advance for any assistance you can provide. I am trying to cleanup a machine running Windows 2000 (not sure what release).

I've run AntiVir, Spybot, Adaware, and CWShredder, but am still experiencing problems. For example, I can't change the default home URL from 'about:blank'. There are also a few programs in 'Add/Remove Programs' that I can't seem to get rid of.

AntiVir found many archives (probably more than 30) with 'infected file' that couldn't be deleted. Most of them appeared to be .dat files, but one was a .cab file (polmx2), which I suspect is part of the problem. I'm also guessing they may be hidden files because I couldn't 'find' them in Windows.

Below is my HJT log file. I also have a startup list, but need to post it in an additional thread because this one is too long. Any suggestions are welcome.
Thanks,

Lulie

Logfile of HijackThis v1.99.0
Scan saved at 4:37:35 PM, on 01/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\wanmpsvc.ex...

A: Major Virus/Spyware Problems

StartupList report, 01/13/2005, 4:39:30 PM
StartupList version: 1.52.2
Started from : C:\My Downloads\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\WINDOWS\system32\javabm.exe
C:\WINDOWS\system32\syssz32.exe
C:\My Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\doctorjar\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not fo...

RELEVANCY SCORE 46.8

Logfile of HijackThis v1.99.1
Scan saved at 16:30:36, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd3.exe
C:\DOCUME~1\Owner\APPLIC~1\ECURIT~1\scanregw.exe
C:\Documents and Settings\Owner\Application Data\M?crosoft.NET\r?ndll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trillian\trillian.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {43554EF9-89...

A: Virus / Spyware problems. HJT log included

RELEVANCY SCORE 46.8

I have been having major issues after getting a virus. It initially started as the Security Tool pop ups and I also had some star search bar added to internet explorer. I couldn't open malwarebytes, ad-aware or HiJackThis. I finally was able to manually delete the <numbers>.exe file causing the security tool problem. I was still having problems with pop ups and the anti-virus / malware programs would not run still. Finally got AVG to work and it found a couple of dll files that were infected. Tried to remove them and ended up having to download a program that would delete files on machine startup (couldn't remove them any other way). I also couldn't delete registry keys because they would keep reappearing seconds later.

Finally found this site and downloaded and ran combo fix and wanted to post the log to see what to do next. After the combo fix restarted my computer a rundll message popped up telling me that two dll files could not be found/loaded...I assume they were spyware/malware and were deleted. Sorry for rambling but it has been a long hard fought battle with this darn virus.... Please what to do next? Log file contents pasted below:

ComboFix 09-10-28.08 - chris 10/30/2009 11:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3065 [GMT -4:00]
Running from: c:\documents and settings\chris\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}...

A: Major Virus/Spyware Problems

Hi,

We don't encourage the use of ComboFix unsupervised, it is a very powerful tool. In our first steps guide we ask for Diagnostic logs only.

You took a risk in running ComboFix, fortunately no difficulties arose.

Please do the following:

(note: if ComboFix requests to update - allow it to do so)
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Code:
http://www.techsupportforum.com/f100/major-virus-spyware-problems-427112.html#post2418055

Collect::
c:\windows\Udefobuhuwonez.dat
c:\windows\system32\luhonaki.dll
c:\windows\kapicosr.dll

File::
c:\windows\Dhaxolacihirew.bin
c:\windows\win32k.sys
c:\windows\system32\4B7.tmp
c:\windows\system32\4B6.tmp

Folder::
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}
c:\documents and settings\All Users\Application Data\00da785

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,...

RELEVANCY SCORE 46.8

Have a host of problems including pop-ups, Explorer crashing and what not (and Vundo!!)...Hoping to get some help..

Below is my Hijackthis log :
Logfile of HijackThis v1.99.1
Scan saved at 11:27:23 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UMCSTUB.EXE
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\...

A: Solved: Virus, Spyware, Problems....I got them all...Help!!!

RELEVANCY SCORE 46.8

I've had problems over the last month or so with a large amount of spyware popups which open as a browser called "Aurora" or "The best Offers" and constantly pop up, even when I'm not using the internet. Further, they have slowed my computer way down, and the longer it is on, the less functional it is. Also, I constantly get a popup saying IE has ended improperly and asking if I should send info to Windows or not (i.e. after you close a program that's not responding) but the only thing is, I don't use IE, I use Firefox. Also, I get a pop up saying my computer is at risk and infected with viruses and to "click here" which I never do....

But anyways, here is my Hijack this log, hope you can help... thanks SOOOO much for looking at it and trying to give a hand

Logfile of HijackThis v1.99.1
Scan saved at 12:11:27 AM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\D...

A: My Hijack This Log - Spyware/Virus Problems.

Get yourself a decent Spyware scanner. I use SCANSPYWARE and it removed Aurora and found a couple of other infections that I wasn't even aware of.


Mod note:

Please refrain from dispensing unauthorised advice here.

Kindly read this before proceeding..

RELEVANCY SCORE 46.8

Hello,
I just reg'd here....It looks like a great place

If someone ( pyritechips / or..?) could advise me on what to remove from my hijack this scan...
many thanks

note: I dig around in my C:\windows\ Dir often and I found
this:
C:\WINDOWS\server\svchost.exe
and this:
C:\WINDOWS\AddClass.exe
also:
C:\Documents and Settings\Bill\Application Data\winshow\winshow.dll

I am aware of the system file : svchost.exe
but the DIR C:\window\server\
is not where it should be.. correct?
I know windows service(s) use multiple instances
of : svchost.exe
So I should only have 1 svchost.exe
in C:\WINDOWS\System32\
Note: well actually 2 (C:\WINDOWS\system32\dllcache )
I notice that many viruses mimic the system's layout/folder/file names.
Is : C:\WINDOWS\server\svchost.exe
a virus ?

anyway,

here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 3:24:16 AM, on 12/5/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\javaw.exe
C:\Documents and Settings\Bill\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Soft...

A: similar problems/spyware or virus?

Hi and welcome. I've split you into your own thread for better assistance. Anyone else reading this with similar problems, please start your own thread rather than tagging onto an existing one.
 
