KEENVAL Trojan + lots of spyware

Q: KEENVAL Trojan + lots of spyware

The PC is a Dell Dimension that I am working on; the complaint was slow PC, freezing. I had to repair IE so I could get online to upgrade. I installed A-square and The Cleaner and did scans. The Cleaner found 3 KEENVAL entries and A-square found something like 180 spyware; the trojans are in quarantine and I removed the spyware. IE is working OK now but Microsoft updates will not install. I have tried all the fixes I could find in other threads with no luck. I figured it was time to get help; I was surprised to see what Panda found. The OS disk is not available for reinstall as the system has been handed down twice. I did use another disk to do a repair.
I've been doing some reading on this site for the last few days and like what I see.

A: KEENVAL Trojan + lots of spyware

Bump. I know you are all busy; I am waiting patiently.

Read other 1 answers

Hi.

I have a problem with these Trojans; I can't get them removed from my computer.
I have OS Windows XP.

The Themida.DO Trojan I got when I downloaded some program and opened an exe file.
The Downloader keenval, I don't have a clue where it came from, maybe the same program.
I have tried running Norton AntiVirus, RegistryFix, SpyBot - Search and Destroy, Ad-Aware, Spysweeper and F-Secure internet service (this program pops up with windows; this is what is in them).

None of these programs can remove the Trojans. I have tried now for about 5 hours to remove these trojans, adware and viruses, but nothing seems to work.
----
Adware.win32.neon
Spyware Detected.
Type: adware
Object: C:\windows\ibbho.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\43014607.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

adware.win32.altnet
Spyware Detected.
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

Evil minded kode found in file: 48c20957.exe
Infected. Trojan downloader.win32.keenval.g

---

That's the "only" one I got until now.
I have run out of id...

A:Trojan Themida.do, Trojan Downloader.win32.keenval.g

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm (pre-Vista OS's)

Read other 4 answers

This trojan was automatically found by AVG Antivirus in C:\System Volume Information\_restore{F20DC62-5212_4F33-8959-AB7D05D4CDB6}\RP8\A0000790.exe. But the problem is, AVG doesn't find the virus when I run a scan, even with a custom scan for just C:\System Volume Information. It doesn't show up anywhere in add/remove programs, either (unless it goes by a different name there). How do I remove this thing?
 

A:Keenval.B trojan

C:\System Volume Information is in System Restore. The only way to remove a file from there is to turn off System Restore.

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
 

Read other 3 answers

Hi

I'm trying to fix my friend's computer, which has some trojan viruses and lots of spyware. I've run superantispyware multiple times and AVG for viruses. The spyware and viruses keep reinstalling themselves on startup and I would really appreciate some help. I've included a copy of the hijack this log below and would be very grateful for any help. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:57 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal


A:Solved: Trojan virus and lots of spyware, please help!!!

Read other 16 answers

Ever since I was infected last year, it has been getting progressively worse, going from winantivirus pro to other things like jack9 just a few days ago. I've scanned with Spybot, spysweeper, ad-aware, symantec corporate edition, etc., but nothing works, so here is the hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:10 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\{9CD3E346-0BB0-1033-0115-040322060001}\Update.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\jess\LOCALS~1\Temp\Rar$EX00.687&...

A:Lots Of Spyware And Adware Problems On My Comp, Maybe A Trojan Too -_-

First, make sure HijackThis is run from its own folder, so the backups it creates are secure. Backups allow the restoring of fixed entries when necessary.

On the Desktop, right click an empty area, select New > Folder, and name the folder Hijack This. Place the HijackThis.exe file in it, and then run the program from its own folder from now on...

~~~~

Next, please download the following to the Desktop:

VundoFix.exe
* Double-click VundoFix.exe to run it
* Click: Scan for Vundo
* Once done scanning, click: Remove Vundo
* A prompt asking if you want to remove the files appears, click: Yes
* The Desktop goes blank as it starts removing Vundo.
* When completed, a prompt to shutdown the computer appears, click OK
* Turn the computer back on.

A log is created and found in C:\vundofix.txt!

~~~~

Also download SmitfraudFix (by S!Ri) to the Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the files to the Desktop. A folder named SmitfraudFix is created. We will use this program later.

~~~~

Download SDFix and save it to the Desktop.
Right click the SDFix.zip folder. Select: Extract All to extract it to its own folder on the Desktop. Leave it there for now.

~~~~

Start > Run, and type in the following commands one at a time and hit Enter after each line:

sc stop "COM+ Messages"
sc delete "COM+ Messages"

~~~~

Next, run HijackThis, Scan. Check box for the following entries if still showing on the log:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - ...

Read other 11 answers

A few days ago I had a message appear from AVG 6.0 for windows saying this:

---------------------------------------------

Virus
Trojan Horse Downloader.Keenval.C

is found in file
C:\System Volume Information\_restore{BD7176AB-15A2-46A7-9CC9-EC919C9F3986}RP17\A0001249.exe

To remove this virus please run AVG for windows

----------------------------------------------

I ran AVG and it managed to pick it up and apparently remove it. No more than two days later I receive the same message and run AVG again, although now it seems it can't pick it up. This message is now constant, appearing at least once every 2-3 hours... Is anyone able to provide some guidance on how to remove this virus?

My system is as follows:
Windows XP Professional
Version 2002
Service Pack 1

AMD Duron
946 MHz
192 MB Ram
If there is any other information needed to help solve this problem, please let me know. This is my last resort...
 

A:Trojan Horse Downloader.Keenval.C

Logfile of HijackThis v1.98.2
Scan saved at 7:02:26 PM, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader....

Read other 2 answers

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 

Read other answers

My computer is running slow, pop ups galore, audio advertisements in the background. I ran AVG and it found this particular trojan. How do I get rid of it because my computer is still not right. Thank you in advance--Barb
 

Read other answers

When forced to recently, I've used 'unsecured' internet connection when traveling. Prior to doing so, I installed Hotspot Shield to ensure my security (along with my normal array of SpyBot, Avast!, etc.). Not sure if it's coincidence or not but my system seems to have a lot of excessive drive activity while online and seems to be getting slower each week. I do have access to the Windows System CD that came with my system (Dell Inspiron E1705 running Vista Home Premium (according to the 'properties' option on 'computer' under the START button - no service pack is installed/listed)).

My question is: do I have spyware/trojan software that is chewing up my resources and/or a key logger or root virus?

Also: I noticed in the DDS report that somehow a piece of AVG is still in my system even though I uninstalled it

Thanks!
Here is my DDS report. I have attached the 'Attach.txt' and 'ark.txt' reports as well.


DDS (Ver_10-03-17.01) - NTFSx86
Run by ThePaw at 18:05:59.62 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1206 [GMT -4:00]

AV: AVG 7.5.476 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D...

A:Lots of drive activity/slow system - Spyware/Trojan?

Bump, please

Read other 6 answers

Good Day,
Can anyone help me with this as already cleaned up a lot but can't get rid of this trojan A0341715.CPY Downloader.keenval.0
Thank you in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:15:52 AM, on 3/6/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Sta...

A:Infected With High Trojan Downloader.keenval.o

Hello ospy and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

What program is reporting the presence of the Downloader.keenval.0 infection and what file (and location) is it being reported in? Post back with the file name and the full path to the file and I will review the information when it comes in.

Cheers.

OT

Read other 1 answers

Problems with pop ups, slow computer, numerous things going on. AVG detected this particular trojan but still believe it is or something is still running in the background. How do I get this cleaned? Thank you in advance.
 

A:Trojan horse downloader.Keenval.C {Moved thread, needs assistance}

Read other 6 answers

Hi, my name's Katie and I'm having major virus/spyware, adware, malware removal issues! I have a lot of different things going on here, and can't make any sense of it. I tried following other people's solved threads, but they didn't solve my issues, so I guess I need personalized help. I have Windows security running (well, I usually do when it's working properly) and I run Ad-Aware and Spybot regularly, but it appears that they cannot solve my issue. Anyway, here's a list of things that have been happening to my computer since the virus happened...

1. I KNOW the virus was contracted in AIM. An IM came in from a friend with only a link. It didn't look suspicious to me, so I clicked it, and all of a sudden I had IMed everyone in my buddy list the link, and received about a million IMs back (didn't have time to read them before My Computer's virtual memory ran out and crashed AIM on me).

2. When the computer starts up, sometimes a default background appears before the logon screen with the user accounts appears.

3. After logon, the same thing in general happens every time. Spybot comes up with a bunch of messages saying that there is a registry change to my homepage or something else happening. I deny it, and it denies it over and over again to seemingly no avail. A .txt file appears on the desktop. I have never opened this file, don't know what it is, and delete it every time. My homepage is con...

A:Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

Read other 16 answers

I use Windows XP Home and I use AVG, and it showed that I had Trojan Downloader Keenval.B and Keenval.C. I think there is that AVG did not pick up?

Logfile of HijackThis v1.97.7
Scan saved at 6:46:45 PM, on 4/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.e...

A:Please Help With Hijack log.Keenval.B and Keenval.C

Hi shoedoc

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O1 - Hosts: 12.129.205.209 search.netscape.com

O1 - Hosts: 12.129.205.209 sitefinder.verisign.com

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

Restart to safe mode and delete:

The C:\Program Files\Common files\updater folder

How to start your computer in safe mode
 

Read other 1 answers

Hello Bleepers! You have helped me in the past and I am back. This time, this is my mom's computer and she didn't have a firewall (until now) and so this thing was infected beyond anything I have seen!

I will be posting the log below, but first let me tell you a few things. I did follow the preparation instructions as best as I could, however, there were certain things I could not do.

Ad-Aware:
I kept running Ad-Aware and rebooting and it kept finding 50+ new critical items every time. I then disconnected the internet access to the computer and ran it. This way I got it down to 2 entries it said it couldn't remove and it couldn't remove them even after restarting.

Spybot:
A similar thing happened with Spybot, except I connected to the internet only to download the software and updates and disconnected to do the scan and fixes. Spybot also said it couldn't fix certain items, EVEN AFTER doing it during rebooting.

I then ran HouseCall, Bit Defender and Avert Stinger (Panda was taking too long and I wasn't sure if it was stalled).

Then, I installed ZoneAlarm and finally ran HijackThis.

Hopefully you can help me get this thing cleaned up and in top shape soon! Thank you in advance for all your help!

------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:17:20 PM, on 8/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:...

A:Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.

Read other 10 answers

My current operating system is Windows ME.
I recently ran a virus scan using "avast" and it was unable to remove 3 files:
C:\_Restore\archive\FS24.cab\A0001937.cpy (Adware-Keenval)
C:\_Restore\archive\FS24.cab\A0003185.cpy (Adware-Keenval)
C:\_Restore\archive\FS24.cab\A0003190.cpy (Trojan gen)
reported by "avast".

My Hijackthis log is as follows:


A:Solved: "Adware-Keenval, & Trojan-gen" Removal

Read other 7 answers

Spyware galore, ultra pop ups. Never got this thing to run right since we got it back from Geek Squad in September. This has been about a week, and I was trying to take care of it myself but am running out of options. Would someone be able to take a quick peek at the logs? Very appreciated.

Ran the HJT, DDS, and GMER:

ASUST, Desktop CM1730 series, Windows 7 Home Premium, Service pack 1, AMD Athlon II X2 220 2.80 GHz, 6.00GB memory, 64-bit Operating system Processor.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:35 AM, on 12/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal


A:Lots and Lots of Spyware pop ups.

Read other 16 answers

Hello, I just scanned my pc and I know it is just filled with goodies. Can someone please help me delete any and all spyware. I do use Adware, zonealarm, and have yahoo DSL. Thanks in Advance
Logfile of HijackThis v1.97.7
Scan saved at 11:05:18 PM, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Lots of spyware PLEASE HELP ME!!!!!!!!!!!!!!

Read other 6 answers

My sister came home and borrowed my PC over the Thanksgiving break. She downloaded a bunch of stuff, and left me the present of tons of spyware!

Took me about 10 mins to get to this page... Random programs are installing themselves, I all of a sudden have a new tool bar that I've never seen before, a new list is in my favorites menu or stuff I didn't even install.

I usually run adaware once a week, and it always comes out clean. Yesterday I ran it and it found over 500 bugs. I cleared them all and did it in safe mode. No matter what I do I can't get rid of this! Please help!!! I am begging! This is a recent hijack this scan

Logfile of HijackThis v1.98.2
Scan saved at 6:01:10 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Help!!!!!!! Lots of spyware need help!

Read other 11 answers

Logfile of HijackThis v1.97.7
Scan saved at 6:07:23 PM, on 6/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Lots of spyware

Read other 10 answers

Logfile of HijackThis v1.99.1
Scan saved at 10:00:09 AM, on 22/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Lots of Spyware

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when a reply has been made.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 47.6

I am trying to clean up a computer for a friend and it is super slow. Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad. I've noticed MANY poker/casino entries in the programs list, and there are so many, I'm not sure how to get rid of them all! I've downloaded/run hijack this, so here is my log file. Please let me know how to proceed!

Thanks so much! Kristin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:14 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\lwinupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tren... Read more

A:Help! Lots of Spyware I believe

Hi khorsed1018,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Quote:

Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad.

No Wonder it was running slow... Running more than 1 anti-virus can slow down a computer. Please install only one active Anti-Virus, so that this computer is protected.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options &... Read more

Read other 16 answers
RELEVANCY SCORE 47.6

Hey just wonderin' if anyone could help me look over my Hijackthis log.. I have tonnes of spyware (I think), and it's making my computer really slow!! If anyone could help, it'd be appreciated! Thanks in advance!
P.S. -- I have installed and run Adaware 6.0..

Logfile of HijackThis v1.98.2
Scan saved at 11:15:26 AM, on 31/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cle****arch\Loader.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Fil... Read more

A:Need Help...Lots of Spyware!!!

For the first part of it, search for the process name in Google...ie for 'C:\Program Files\Softex\OmniPass\OPXPApp.exe' you search for 'OPXPApp.exe'. There are a few sites that have a directory of process descriptions on which you will be able to find some helpful information.

As for the second part, the following is what I can recognize as bad:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Micro... Read more

Read other 1 answers
RELEVANCY SCORE 47.6

Logfile of HijackThis v1.99.1
Scan saved at 4:36:33 PM, on 4/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\windows\system32\oreiekr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\packager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\ldtitk.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROG... Read more

A:Please help lots of spyware

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download FxIstbar and run it.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\windows\system... Read more

Read other 1 answers
RELEVANCY SCORE 47.6

Hi, can someone help me please, I have nowhere else to look =D

When I scan with Spybot and MS AntiSpyware I got many spyware, these include,

ISearchTech.PowerScan
ISearchTech.SideFind
ISearchTech.ISTToolbar
ISearchTech.ISTXXXToolbar
DyFuCa.InternetOptimizer
180SearchAssistant
and a few more

No matter what I have done (removed them with all adware removal programs such as AdAware) they still come back and I have random processes running up every often out of nowhere such as msnmssrg.exe etc and things like ftp.exe dwwin.exe - I don't know what else to do

Here is my hijacklog, someone please help me, and do you think it could have something to do with the network? Like installed some secret firewall, because whenever I try to do a network I now get errors and it only just started when I got all this spyware,

I think it's something like Win32.RBot, something that installs things day after day, because I've tried deleting registry settings and the folders in the program files and it still doesn't work

so I come for some expert help =D

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:22:09, on 31/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS... Read more

A:Spyware and lots of it

Hello RaxeN and welcome to BleepingComputer.

Your log shows that you are seriously behind on windows updates. It is essential that you update your operating system as otherwise any infections we remove could reoccur. After we get you all cleaned up, be sure to go to Windows Update and if it asks to install software, allow it to do so. Install the offered Critical and Security updates, reboot as requested and return until you have installed all available Critical and Security updates.

You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder.

Create a folder on the C: drive called "C:\HJT". You can do this by opening My Computer then double click on Local Disk (C:). In a clear area right click and select New then Folder and name it "HJT". Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder.

Open the Control Panel then double click on Add/Remove Programs. Look for the following and uninstall them if found:
- 180solutions
- InternetOptimizer
- IST Toolbar
- SideFind
- SideSearch
or anything named similar to what you have seen listed in other scans

Configure Windows to enable viewing of Hidden and System files. Reboot into Safe Mode.

Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

O4 - HKLM\..\Run: [Main Board ... Read more

Read other 2 answers
RELEVANCY SCORE 47.6

I'm getting many pop-ups and ads and my virus scanner finds around 4 trojans a day. I remove the ones I can but they just come back. I would reinstall my Windows but I have a custom PC and I do not have all the software for my parts.

Here are some that I've been getting
www.ameana.com
www.broadcaster.com
I've been getting the winantiviruspro and winantispywarepro. I've used several spyware and ad removal software like XoftspySE, spywareblaster, spybot search and destroy, but it just keeps coming back
Some viruses that I'm getting are
Trojanhorse Generic
Trojanhorse Collect and more like that but I can't remember them.

Here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 16:19:45, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\a... Read more

A:Lots of spyware( i think)

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 7 answers
RELEVANCY SCORE 47.6

Hello everyone!
I am getting lots of pop-ups for malicious software removal wizard etc. I am running Adaware and Spybot, they can't detect anything. I did a Panda scan and it detected more than 20 spywares. I am posting my hijack file, plz tell me what to do!
Thanx in advance, I'm a new member, I hope you guys would help me!

Logfile of HijackThis v1.99.1
Scan saved at 6:01:15 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\syst... Read more

A:Lots of spyware :(

Hi, PNECEngg.

Welcome to TSG.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

Hi - Could someone please help me and tell me what to do from here? I downloaded HijackThis and the log is below. Any insights?

Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 12:52:17 AM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Documents and Settings\Eric Pfeil\My Documents\Eric's\SFUninstaller.exe
C:\Documents and Settings\Eric Pfeil\My Documents\Eric's\SFUninstaller.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\... Read more

A:Lots Of Spyware

--------------------------------------------------------------------------------------------------------------------

Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

It is also important you don't miss a step and perform everything in the right order!!

First, go to start > controlpanel > software > add/remove programs and uninstall next if present:

SpyFighter

This is a so called spyware remover with a bad reputation.

I also see you have Viewpoint installed:

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Partypoker is also present on your system. In most cases this is getting installed without users knowledge, so I recommend you uninstall it if you don't use it.

And I see Limewire and Kazaa. Both are known P2P programs which are bundled with spyware. Even Kazaa lite is, although they say they are not. That's why I strongly recommend you uninstall them as well.

Read this article for alternatives that will provid... Read more

Read other 5 answers
RELEVANCY SCORE 47.6

Thanks in advance! I am having lots of spyware and random ads, my homepage being changed, popups etc! I'll be honest, I visited some 'naughty' sites (usually don't hurt, but I guess I accidentally clicked some links, yadda yadda yadda, I went to the BAD 'naughty' sites).

Logfile of HijackThis v1.97.7
Scan saved at 11:26:04 PM, on 5/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SERVICES\WMPLAYER.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\APPLICATION DATA\OBRB.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\PRITOM\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=129825
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=129825
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explo... Read more

A:Can someone look at my HJT, I'm getting lots of spyware..

Yes..............you have a hatful of baddies in there.....no firewall and no antivirus program..no wonder

Go to http://computercops.biz/downloads-cat-14.html , and download the latest version of CWShredder by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds.
And remember to click "Fix" (Not "Scan only")
After it's done its thing hit the "How do I prevent reinfection" tab....
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability which is how you got infected in the 1st place.

When it is finished restart your computer.

Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window: Click "Start" then "Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows re... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

When I run Spybot S&D it picks up a lot of spyware. Also AVG says there is a trojan in the machine. I am also getting a lot of pop-ups. Please help. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 8:38:25 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C... Read more

A:Lots of spyware

Hello and welcome to TSF

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you. Please allow it.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 4 answers
RELEVANCY SCORE 47.6

Hello! I'm experiencing a browser hijack, lots of pop ups coming up on almost every other page I visit, and major computer slowdown. I tried running CWShredder, but it didn't seem to do much. I ran Hijack This... maybe someone can make sense of this log. Any help would be greatly appreciated, thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:08:31 AM, on 2/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\Program Fi... Read more

A:Need help.. lots of spyware

Read other 11 answers
RELEVANCY SCORE 46.8

Hi guys. First time poster so please bear with me. A couple of days ago I successfully removed a few spyware and trojans from my gf's computer. However in doing so I seem to have infected mine with a lot more. I honestly have no idea where they came from...probably a rogue anti-spyware download or something like that. I'm getting more infections by the day and I can't seem to get rid of them. I have followed the 5 recommended steps before posting here however the panda online antivirus would not work for me. It kept saying error during update and I couldn't proceed any further. I'm getting lots of random pop ups in both IE and Firefox. Plus a frequent 'buffer overrun' which is incredibly annoying. The original infections that spybot detected are the following:

MediaPlex
Virumonde
Zango
Zlob.Downloader.oid
Zlob.Downloader.vdt


I have run spybot more than once and it keeps finding occurrences of the same spyware so I'm assuming it just can't remove them. Any help would be appreciated. Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by Sam on 2008-04-29 11:26:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-04-28 21:29:09 UTC - RP326 - Scheduled Checkpoint
8: 2008-04-27 23:14:41 UTC - RP325 - Removed iTunes
7: 2008-04-27 02:29:34 UTC - RP324 - Windows Update
6: 2008-04-26 2051 UTC - RP323 - Scheduled Checkpoint
5: 2008-04-24 21:17:20 UTC - RP322 -... Read more

A:Help, lots of spyware infections!

Hello, Welcome to TSF
I'm nasdaq and will help you.

Familiarize yourself with this combofix tool.
http://www.bleepingcomputer.com/comb...o-use-combofix

It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

Please Note:

1. Disconnect from the internet. Unplug the cable from the wall.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Read other 1 answers
RELEVANCY SCORE 46.8

Hi, I have lots of viruses and spyware. It would be greatly appreciated if someone could help me clean out my laptop. I did a HijackThis scan as well as Kaspersky, ComboFix and BitDefender scans. The only thing is the Kaspersky scan is like 2 weeks old, but the laptop wasn't used a lot in that time period.

Here's my ComboFix log

ComboFix 07-08-07.6 - "Rosa Mannarino" 2007-07-21 23:59:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.117 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ie.exe
C:\mc-110-12-0000204.exe
C:\temp.exe


((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))


2007-07-21 23:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-21 22:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-21 22:56 <DIR> d-------- C:\DOCUME~1\ROSAMA~1\APPLIC~1\Bitdefender
2007-07-21 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-12 12:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-12 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-12 01:39 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-12 01:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-12 01:29 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-06-29 20:28 <DIR> d-------- C:\Program Files\... Read more

A:Lots of viruses and spyware

There was too much text for the post so I'm adding my BitDefender log in another post, sorry.

//-----------------------------------------------------------------
//
// ProductBitDefender Antivirus Plus v10
// Product10.0
//
// Created on: 21/07/2007 23:03:28
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\WINDOWS
C:\Program Files
Folders : 5251
Files : 32426
Memory processes scanned : 0
Archives : 0
Runtime packers : 2601
Identified viruses : 7
Infected files : 10
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 4
I/O errors : 5
Scan time : 00:29:24
Scan speed (files/sec) : 18

Virus definitions : 482523
Scan plugins : 15
Archive plugins : 42
Unpack plugins : 5
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[ ] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profi... Read more

RELEVANCY SCORE 46.8

The other day I got ahold of some spyware and it's completely trashed my comp. I keep having my desktop changed to something saying I have a spyware problem, my homepage pops up as a spyware page, and I get nonstop spyware popups. Any help to get this thing clean would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:06 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE... Read more

A:Lots of Spyware problems

You have a MESS!!!!!! - Do ALL of the following

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum
=====================

NOTE: If you have downloaded ComboFix previously please delete that ... Read more

RELEVANCY SCORE 46.8

Logfile of HijackThis v1.97.7
Scan saved at 9:11:10 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\documents and settings\christine page\local settings\temp\zYu0JQU8.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\ntpconv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\... Read more

A:lots of spyware...hijackthis log

RELEVANCY SCORE 46.8

Hi everyone.. hope you guys can help. My sister recently borrowed my PC and downloaded a bunch of stuff... Now I have tons of spyware that I can't get rid of. I run updates for Ad-Aware SE and SpyBot... they pick up tons of stuff, and I delete them and fix the problems. This adware likes to randomly install programs on my PC. I uninstall them, find the files and delete them, then as soon as I'm hooked back up to the internet they like to reinstall themselves. lol this has been a frustration! I've been trying to get rid of all this for over a month now. Even brought my PC to Best Buy; they said they fixed it and once again I hooked up to the internet and everything reinstalled itself and pop-ups galore. My favorites on IE even get infected also, saying I have a lot more favorites than I really do. Someone, please help... here is a current HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 4:53:05 PM, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr... Read more

A:Help hijack this. lots of spyware

Please uninstall from Add\Remove Programs, if found:
WinTools
VirtualBouncer

Download Ad-aware SE 1.05: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer

Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop.
Install the program. Don't use it yet.

Download, install and UPDATE SpyBot Search & Destroy.
Using Spybot - Search & Destroy to remove Spyware from Your Computer

Download, install and update Spyware Blaster.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode
Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.
Run SpyBot Search & Destroy and remove anything it finds.
With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.
REBOOT ... Read more

RELEVANCY SCORE 46.8

I have pop ups everywhere!! Can anyone offer any suggestions? My hijack this log is attached:

Logfile of HijackThis v1.99.1
Scan saved at 2:24:25 PM, on 6/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\hpnra.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTr... Read more

A:Newbie need help with lots o' spyware!!

Hello kbainzy and welcome to TSF,

Download and install CleanUp http://cleanup.stevengould.org/
Download KillBox http://www.atribune.org/downloads/KillBox.exe
Download rkfiles http://skads.org/special/rkfiles.zip and unzip the contents to a new folder on your desktop.

Download the remv3.zip at http://forums.skads.org/index.php?showtopic=80 (look for the attachment posted in that second reply). Make a new folder on the root drive C:\ and unzip remv3.zip files into it.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Run CleanUp program now and logoff.

REBOOT TO SAFE MODE. These tools MUST be run in safe mode!
Once in safe mode, double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved remv3.zip files and double click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt

**Note** Each tool uses log.txt as its output file, so make sure you save the entries from one tool's log before running the other, as it will overwrite the file if you don't.

Reboot back to normal mode and post the contents of both the log.txt and log1.txt in your next post... Read more

RELEVANCY SCORE 46.8

any help would be greatly appreciated!
Logfile of HijackThis v1.99.1
Scan saved at 2:10:10 AM, on 4/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Cheryl\Desktop\HijackThis.exe

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Se... Read more

A:help. lots of spyware! (HJT included)

RELEVANCY SCORE 46.8

I ran hijackthis. Can someone please view my results and tell me which files I want to get rid of and ways to do so. Thanks for all the help!
Logfile of HijackThis v1.97.2
Scan saved at 5:14:03 PM, on 9/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\rundll16.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ClientMan\mscman.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\ClientMan\msckin.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\Q... Read more

A:Lots of spyware....help cleaning it up

RELEVANCY SCORE 46.8

I have a lot of viruses, and spyware/malware...etc ...I keep getting unauthorized downloads onto my desktop and my computer is loading incredibly slow....

Here is an HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:23 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:... Read more

A:Lots of viruses/spyware/ads...etc Please HELP

I don't see any anti-virus software running.
Load AVG it's free.

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running ... Read more

RELEVANCY SCORE 46.8

Help, I have Win XP Pro, with SP2.
Seem to be infected with a lot of spyware, which causes my homepage to change, if it will open at all, messages under the toolbar telling me I am infected with spyware (click here for free scan). If I run the cursor under the message, the name Virprotect shows up on the bottom left taskbar. Also the symbol like Microsoft protection centre shield shows up on the bottom right taskbar saying I have spyware. When the PC boots up I am also getting the found new hardware box, although there is nothing new added and all the hardware seems fine. I have followed the guide on this forum to submit a thread with the DSS log and hope you may be able to help me.

Deckard's System Scanner v20071014.68
Run by Robert on 2007-12-13 15:14:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2007-12-13 15:14:48 UTC - RP351 - Deckard's System Scanner Restore Point
50: 2007-12-13 15:02:34 UTC - RP350 - Software Distribution Service 3.0
49: 2007-12-11 22:23:39 UTC - RP349 - System Checkpoint
48: 2007-12-10 21:35:55 UTC - RP348 - Cleaned registry with Windows Live OneCare safety scanner
47: 2007-12-09 19:17:57 UTC - RP347 - System Checkpoint


-- First Restore Point --
1: 2007-11-06 06:57:53 UTC - RP301 ... Read more

A:Lots of Spyware, Virprotect

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 46.8

ran spybot and cleaned what it found but still have lots of spyware popups and messages
hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:21, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:... Read more

A:lots of spyware and popups

====================================================

Hello! You are infected!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

====================================================

RELEVANCY SCORE 46.8

Well after letting my sis for 5 minutes on my computer I ended up having TONS of spyware.

I ran multiple scanners, updated 'em all but some problems don't go away and after every reboot other spyware seems to be present. Basically I could really use a helping hand from u guys so I was hoping I would get just that :)

Here's the HJ log (if there's anything wrong with my opening post pls go easy on me, I'm a n00b on your boards... I have read the FAQ however.)

Logfile of HijackThis v1.99.0
Scan saved at 23:48:28, on 23-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system32\ruqvarm.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\packager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Pag... Read more

A:Sister cause of lots of spyware on my pc :(

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You should clear out the files in the Prefetch folder. Dow... Read more

RELEVANCY SCORE 46.8

Problem: Internet Explorer won't open any webpages. There's something (I believe it's some kind of spyware) that's redirecting all the web pages to different places (on the status bar, it's going from one website to another when I type in one website, like google). I did many spyware scans and many anti-virus scans, and removed a lot of spyware already, but it's still not clean. Please help! Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:10 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Common Files\New... Read more

A:Lots of spyware in the computer! Help!

I know I shouldn't do this, but I did a new scan with HiJackThis and here's a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:33 PM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Canon\CAL\CA... Read more

RELEVANCY SCORE 46.8

I constantly get many, many popups, any help would be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:26:54 PM, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Documents and Settings\Emma\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\explorer.... Read more

A:Lots of spyware/popups, please help

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool requests you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

RELEVANCY SCORE 46.8

Can someone look at this log? I tried another forum and the problems got much worse. I've run the latest Ad-Aware, Spybot (is there a DSO Exploit addin?) and CWShredder at each reboot - they find the same numerous things that just won't go away:

Logfile of HijackThis v1.97.7
Scan saved at 2:35:20 AM, on 4/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld....

A: Help! Lots of spyware yesterday!

RELEVANCY SCORE 46.8

This morning I was watching an infomercial and I went to that product's website and it downloaded (without me consenting to anything!) a bunch of junk on my computer. A popup came and said "Install WebBuy" (I think that was the name of the program). I figure it was asking you if you wanted to install it. So I closed it.

It proceeded to install a bunch of programs on my computer. I tried using Ad-Aware SE and Window Washer to get rid of them. I also deleted some of the files but they continue to show up in my computer. I see them in Start up, I delete them and when I restart my computer they are back again!

The two programs that keep coming up in Start Up are "TA_Start" and "Think_Adz". Also, when I go to restart my computer I get a program not responding error for "BRDR" which I read is also Spyware.

I was surprised I was even able to get online to post for help because at first, for a while I was unable to even connect to the internet.

I use Windows XP and Internet Explorer version 7.

If anyone could please help me to get this junk off my computer, it would be *really* appreciated.

Thank you!
 

A: Please help with lots of spyware on computer! Can't get it off!

Also wanted to add:

I tried using System Restore but it would not allow me to go back to any other date except today. I could not go back to any other months and today's date was the only one I could click on.

Here is what I got from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 4:20:59 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Viewpo...
