Over 1 million tech questions and answers.

Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Q: Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello Bleepers! You have helped me in the past and I am back. This time, this is my mom's computer and she didn't have a firewall (until now) and so this thing was infected beyond anything I have seen!I will be posting the log below, but first let me tell you a few things. I did follow the preparation instructions as best as I could, however, there were certain things I could not do.Ad-Aware:I kept running Ad-Aware and rebooting and it kept finding 50+ new critical items every time. I then disconnected the internet access to the computer and ran it. This way I got it down to 2 entries it said it couldn't removed and it couldn't remove them even after restarting.Spybot:A similar thing happened with Spybot, except I connected to the internet only to download the software and updates and disconnected to do the scan and fixes. Spybot also said it couldn't fix certain items, EVEN AFTER doing it during rebooting.I then ran HouseCall, Bit Defender and Avert Stinger (Panda was taking too long and I wasn't sure if it was stalled).Then, I installed ZoneAlarm and Finally ran HijackThis.Hopefully you can help me get this thing cleaned up and it top shape soon! Thank you in advance for all your help!------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 11:17:20 PM, on 8/21/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\System32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\ZoneLabs\vsmon.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\WINNT\mvzzbbdA.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Messenger\msmsgs.exeC:\Corel\Suite8\Programs\DAD8.EXEC:\WINNT\system32\spoolsv.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\System32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINNT\System32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\lnehb.exeF2 - REG:system.ini: UserInit=userinit.exe,vjlllsk.exeO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocxO4 - HKLM\..\Run: [mvzzbbdA] C:\WINNT\mvzzbbdA.exeO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\uendbn.exe reg_runO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXEO4 - Global Startup: gameutil.exe.lnk = C:\program files\ati technologies\redline\gameutil.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Nero\InCD\InCDsrv.exeO23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

RELEVANCY SCORE 200
Preferred Solution: Infected By Lots Of Spyware. Get Lots Of Popup Windows!

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello,We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.Click here to get Service Pack 1Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.After you have updated your computer to SP1, please restart your computer and post a new HJT log.

Read other 10 answers
RELEVANCY SCORE 98.4

Hi, my name's Katie and I'm having major virus/spyware,adware,malware removal issues! I

have a lot of different things going on here, and can't make any sense of it. I tried

following other people's solved threads, but they didn't solve my issues, so I guess I need

personalized help. I have Windows security running (well, I usually do when it's working

properly,) and I run Ad-Aware and Spybot regularly, but it appears that they cannot solve

my issue. Anyway, here's a list of things that have been happening to my computer since the

virus happened...

1. I KNOW the virus was contracted in AIM. An IM came in from a friend with only a link. It

didn't look suspicious to me, so I clicked it, and all of a sudden I had IMEd everyone in

my buddy list the link, and received about a million IMs back (didn't have time to read

them before My Computer's virtual memory ran out and crashed AIM on me.

2.When the computer starts up, sometimes a default background appears before the logon

screen with the user accounts appears.

3.After logon, the same thing in general happens every time. Spybot comes up with a bunch

of messages saying that there is a registry change to my homepage or something else

happening. I deny it, and it denies it over and over again to seemingly no avail. A .txt

file appears on the desktop. I have never opened this file, don't know what it is, and

delete it every time. My homepage is con... Read more

A:Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

Read other 16 answers
RELEVANCY SCORE 90.4

Hello, I was wondering if anyone could help me out, my computer has been dead for a long period of time, due to video card failure, so i just got it back up and running, ran a hijack this, and this is what iv'e found..Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:41:34 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\sbwltbxa.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\WINDOWS\system32\dllhost.exeC:\Documents and Settings\justin\Local Settings\Application Data\CCP\EVE\c_program_files_ccp_eve_tranquility\cache\eveclassictopremiumpatch51200.exeC:\P... Read more

A:Infected By Lots Of Spyware/malware Xp

ofyjustin

Sorry for the delay. Could you post a fresh Hijackthis log please?

Read other 16 answers
RELEVANCY SCORE 88.4

Bitdefender Total Security 2011, Real Time Protection Disabled (WINDOWS XP >Says I have NO Anti-Virus) I really need help and I can't seem to find any. Its really making me sick..
Watch this
‪Bit Defender Total Security 2011 Real Time Protection Disabled‬‏ - YouTube

(This is all I know, and I DID A FRESH Install of my OS and formatted my pc well I did the Format then re-installed my OS then installed BD). That my good sir is when I hit a brick wall!!!

Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon XP
Thoroughbred 0.13um Technology
RAM
2.00 GB DDR @ 133MHz (2.5-2-2-6)
Motherboard
MICRO-STAR INTERNATIONAL CO., LTD MS-6390 (Socket A) 26 ?C
Graphics
COMPAQ FP7317 ([email protected])
S3 Graphics ProSavageDDR
Hard Drives
78GB Seagate ST380011A (PATA) 36 ?C
Optical Drives
HP DVD Writer 1040r USB Device
LITE-ON DVDRW SHW-160P6S
Audio
Realtek AC'97 Audio for VIA ? Audio Controller

Operating System
MS Windows XP Home 32-bit SP3
Windows Security Center
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Firewall
Firewall Enabled
Company Name BitDefender
Display Name BitDefender Firewall
Product Version 14.0.30.357
Antivirus
Antivirus Enabled
Company Name BitDefender
Display Name BitDefender Antivirus
Product Version 14.0.30.357
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Da... Read more

A:[SOLVED] Lots and lots of trouble with bitdefender and windows xp..

In Bit Defender, do a Live Update of your virus and software definitions. That should update you to the latest version. Or post to their forum, you will get a better response then in this general Microsoft Forum. or better yet, uninstall it and use Avast Free version and or Microsoft Security Essentials.

Read other 15 answers
RELEVANCY SCORE 86

Hi,While working on internet i receive a lot of popup windows in Internet Explorer windows (listed below) every minute or two and i m not been able to get rid of all these. If anyone can help me I will be very greatful to him/her.I am using Windows98 OS. I have tried Adware SE, Stopzilla, Spyware remover, noadware, popupblocker, popupfree, popupstopperfree, spybotsd14, SpySifter, vx2cleaner, spygate firewall, but to no help.Any other information you require please let me know.Following are some of the popup windows (IE)://popunder.paypopup.com/adsDirect.php?ban=&id=BundleWare&cid=1569722&sid=23782&cpm=&tid=&campaign=&type=&ref=&rurl=&clater=&defurl=//www.buyer-shabit.com/normal/yyy102.html//www.dealiotoday.com/normal/yyy65.html//www.mediapurchases.com/normal/yyy65.html//www.realcoupon-s.com/normal/yyy65.html //www.uniqueoffer-s.com/normal/yyy102.html//www.blow-outsales.com/normal/yyy102.html//www.inter-netsuggestions.com/normal/yyy102.html//www.hug-ediscounts.com/normal/yyy102.html]http://www.hug-ediscounts.com/normal/yyy102.html[/url]//www.ecommerc-e.com/normal/yyy65.html//www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={8588E5F7-4ED9-C5B7-C050-9B591022DDCD}&type=normal&mSkip=1&rnd=21922//www.ebay.in/-------------------------------------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 6:23:48 PM, on 3/14/06Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 (6.00.2600.... Read more

A:Ie6 Ad-w-a-r-e And Lots More Popup Windows(new Hijack Log File Attached)

Hello ashishdabas and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).Download AboutBuster.zip and unzip it to its own directory. Download CCleaner and install it but do not run it yet.Now physically disconnect from the internet (unplug the telephone or broadband cable from the computer).Step #2Restart in Safe ModeRestart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Step #3Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM�... Read more

Read other 5 answers
RELEVANCY SCORE 84.8

Spyware galore, ultra pop ups. never got this thing to run right since we got it back from Geek Squad in September. This has been about a week, and I was trying to take care of it myself but am running out of options. Would someone be able to take a quick peek at the logs? Very appreciated.

Ran the HJT, DDS, and GMER:

ASUST, Desktop CM1730 series, Windows 7 Home Premium, Service pack 1, AMD Athlon II X2 220 2.80 GHz, 6.00GB memory, 64-bit Operating system Processor.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:35 AM, on 12/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis (1).exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pag... Read more

A:Lots and Lots of Spyware pop ups.

Read other 16 answers
RELEVANCY SCORE 83.6

I just had my computer fixed in another thread not too long ago. However, I have a new problem and I don't know the cause or root of it. Lots and lots of pop up ad windows open at once randomly. Please help.

Thank you.

A:lots and lots of pop up ad windows open at once

If you haven't already, download, install, update immediately, then run AdawareSE. Make sure to customize the settings in Ad-aware for better scan results.

Then download, install, update immediately then run Spybot S&D.

Have each fix whatever problems they may find.

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.sfx.exe and run it. Uncompress the file and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Run a scan using Panda ActiveScan . Be sure to select any AutoClean Feature. Post the log from the Panda scan here.

Then get HijackThis . This program will help us determine if there are any spyware/malware on your computer. Run the scan, save the log, but do not fix anything yet. Many files it finds are harmless, and required for your system to operate.

Post your log here

Read other 19 answers
RELEVANCY SCORE 81.2

Hi!
Have used BC over the years, and always found you guys to be extremely helpful, knowledgeable, and efficient.  Always happy to recommend you to others. Uninstalle the ASPCA we-care virus with revo uninstaller.
 
My Norton is down, I know; my dad gave me the box with his Norton, but the code was cut out.  Working on getting Norton up and running again.
I paste dds and attach the attach, as requested.
---Mark Miner
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by mark miner at 13:35:13 on 2014-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2934.1428 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C... Read more

A:slow; lots of "program not responding,"lots of "this page can not be displayed."

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

Read other 10 answers
RELEVANCY SCORE 81.2

dell inspiron 6000
running xp pro
here is HiJackthis list
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:20 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Co... Read more

Read other answers
RELEVANCY SCORE 81.2

Hi all,

I need some help fixing my computer and getting rid of a malware/spyware/trojan/virus.

When I start my computer I see lots of IEXPLORE.EXE process being run (by the user) under the processes in task bar.

Then i also see cmd.exe using 99% of my CPU.

i have attached the HijackThis log and the ComboFix log with this.

Please help.
Thanks
Kamal


**********HIJACKTHIS LOG**********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:25 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\u... Read more

A:lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Hello,

ComboFix is frequently updated.

Please delete your existing version. Grab a new copy from one of the links below.

This machine does not have the Windows XP Recovery Console installed.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please do this:
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

For you, it would be:

Microsoft Windows XP Professional Service Pack 2

http://www.microsoft.com/downloads/d...displaylang=en



Download the file & save it as it's originally named, next to ComboF... Read more

Read other 1 answers
RELEVANCY SCORE 81.2

Hello everyone

I've been getting this error again and again, and my computer is hungup or BSOD after awail...

Do you know what can I do to fix it? Or what the problem is??
Thank you!!


Asrock X58 Supercomputer bios 3.10
i7 920 (bloomfield) @2.67ghz -1.128vol.
Corsair 12GB (6X2GB) @1333
1st PCIE - Nvidia GeForce 9800GT
2nd PCIE - Nvidia GeForce 9500GT
3rd PCIE - Nvidia GeForce 8800GS
4th PCIE - Nvidia GeForce 8800GS

RAid5 4X 500GB Seagate ST3500410AS
1X 500GB WD500AAKS
TSST Corp CDDVDW SH-S203p

Realtek PCI-e GBE (onboard)
Realtek PCI GBE (1st PCI)

==========================================================================================
if the 2nd onboard Realtek Pcie gbe is Active I get this error
Driver PCI returned invalid ID for a child device (01000000684CE00000)
and after a will I get BSOD


The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800d488038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\071410-48359-01.dmp. Report Id: 071410-48359-01.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2&l... Read more

A:Lots of BSOD & Hungup - Lots of Event17 WHEA-Logger

Hi,

Please follow these instructions: http://www.sevenforums.com/crashes-d...tructions.html

Attach the .zip file to your next post in this thread.

Btw, have you seriously got 4 graphics cards in your computer!

Regards,
Reventon

Read other 3 answers
RELEVANCY SCORE 80.4

I was here recently with an infected desktop. That issue couldn't be resolved so I borrowed a laptop. It is also showing signs of infections and I wanted to start here first before doing anything on my own. It runs windows 7, firefox is my browser.
Thanks for any help.

A:Laptop infected, lots of new windows pop up

Hmmm....bad luck seems to follow you lol . I don't see a link to a previous post so I'll start from scratch.
 
What antivirus and antimalware do you use, if any?
 
Was any software installed around the time of the infection?
 
Can you identify any software names in the popups? Example- Windows Prime Shield, MyPCBackup, PC Optimizer Pro, etc.
 
Do you have DomaIQ installed? (Check Add/Remove Programs)

Do you download from torrent sites? Play online games?
 
Try installing and running Speccy to get a list of your systems info to post here.

Read other 15 answers
RELEVANCY SCORE 80.4

Summary:

Lots of errors in Windows XP immediately after fresh install following a format.

PC Spec

AMD Athlon 3200+ XP
Radeon x800 XT PE VPU 256 mb
1024mb DDR 400 3200 RAM
2x 160gb HDD, 7200 rpm blah blah
Audigy 2 ZS Sound Card, Creative SB
Wireless Internet Connection (D-Link Wireless Router, 2.2mbps connection)
2x Optical Drives, DVDRW 4x, CDRW 50x

Problems Encountered

1) Windows Installation : Various files cannot be copied and/or not copied correctly. Giving blue screen of [enter] retry, [esc] skip or F3 to abort installation. Files constantly failing to copy : cyycoins or something, lots of .chm files, too many to mention. Curious thing is, same problems for both optical drives and both HDDs, varying both for many installations.

Eventually I held down [enter] and the files went in, well some didn't but Windows booted fine.

2) Warhammer Dawn of War : Winter Assault. wh40k.cab is corrupt. Changed optical drives during installtion, installed fine. Could be hardware issue with my cdrom?

3) Same game, when playing will crash to desktop. No error message sometimes, no indication of crash (no freezing or warning sounds or stuttering, just flat out BOOM, .exe gone. Sometimes error message appears to send error report, sometimes doesn't. Occurs while under load (heavy gameplay) and while idle (like leaving it in menu for ages. Go away to get food, come back game gone, only desktop)
I thought this could again be CDROM issue, with the copy protection not keeping th... Read more

A:Lots and lots of XP errors : Random program crashes etc etc.... >:¦

Read other 6 answers
RELEVANCY SCORE 80.4

Im getting a rediculous amount of popups!Logfile of HijackThis v1.99.1Scan saved at 12:05:58 AM, on 20/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\COMMON~... Read more

A:Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

Hello,* Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Read other 4 answers
RELEVANCY SCORE 80.4

since a week I have been getting the following spybot alerts whenever I boot up my computer. I keep denying the change, but not sure what to make of it. I don't think it's any good.

Spybot Search & Destroy
Category: winlogon
change: value deleted
entry: Shell
old data: c:\recycler\s-1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windoes\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe
new data: (blank)

Spybot Search & Destroy
Category: Winlogon
Change: Value Change
Entry: TaskMan
Old data: c:\recycler\s-1-5-21-0644449550-9642043494-812783143-2613\pv8g67.exe
New data: C:\RECYCLER\S-1-5-21-9516793152-0396749843-580062649-1820\pv8g67.exe

Spybot Search & Destroy
Category: System Statup user entry
Change: Value added
Entry: qplsec
Old data: (blank)
New data: c:\windows\system32\qwmmmse.exe

Spybot Search & Destroy
Category: Winlogon
Change: value changed
Entry: Shell
old data: c:\recycler\s\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32,velplsme.exe
new data: c:\recycler\s-1-5-21-9516793152-0396793152-0396749842-580062649-1820\yv8g67.exe, c:\reclycler\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe

Spybot Search & Destroy
Category: winlogon
change: value cha... Read more

A:Spybot is detecting changes in Winlogon, lots and lots of blacklist pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:37 AM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NAVCOLR.EXE
C:\Program Files\NDAS\System\ndassvc.exe... Read more

Read other 1 answers
RELEVANCY SCORE 80.4

Hi,
 
I sure need help  --- I do not know how to deal with viruses, trojans, spyware, etc.
 
My husband and I were traveling. We had to use public Wifi places to check our email on our laptop. when we got home and checked our email accounts on our laptops, we found some really weird looking email messages. I 'think' my husband opened one that had his name in the Subject line, but we deleted all he other ones that looked strange. We did not open those emails, just deleted them.
 
Now all 3 of our computers are doing really weird things. I have run scan after scan after scan, both downloaded one and online ones. Sometimes they find problems and fix them. sometimes the scans find nothing. Yet our problems just seem to be getting worse and worse. I DESPERATELY need a lot of help.
 
I know it would be very confusing to try to work on all 3 of our computers at once so maybe we can start with my husband's desktop computer.
 
I am currently running Avast on it and it has been running for hours. It is find TONS of things like these ----
 
"...is infected by win32:Funweb-K [Pup}"
 
"...is infected by JS: ScriptIP-inf [Trj}
 
etc, etc, etc.
 
 
 
I have very little knowledge of how to fix a computer problem and no idea what to do. And I have absolutely NO idea how our desktops became infected from our lap top.
 
 
Is anyone willing to help me? I know it is bad and will probably take a long time to fix, but I need help... Read more

A:Used public WiFi - LOTS and LOTS of problems now - Newbie needs help

CORRECTION to my post above -
 
When I said "when we got home and checked our email accounts on our laptops", i meant to say our deaktops, not laptops.We have 2 desktop computers and 1 laptop. They are all infected badly.

Read other 25 answers
RELEVANCY SCORE 80

Ran adware SE
spybot
spyblaster
ie-spyad
script defender
ewido
can't get the norton to work I want to uninstall it, my friend didn't ativate it in time so I am goiing to have to call and get some stuff done but I would really appreciate someone reading this log for me. I will watch for an answer, Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:04:30 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~4\NORTON~3\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\NORTON~3... Read more

A:Solved: Windows XP HOME SP2-HJT LOG HAD LOTS OF ADWARE-SPYWARE GETTING IT CLEAN CAN SOMEONE R

Read other 16 answers
RELEVANCY SCORE 80

I have ran the HijackThis Analyzer and have the results below. I am using xp pro. Please Help.


Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associat... Read more

A:Lots of popup issues in IE.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download CWShredder and run it. Click on 'I Agree' button... Read more

Read other 3 answers
RELEVANCY SCORE 79.6

Here's the reports I ran initially:

SmitFraudFix v2.206

Scan done at 12:54:27.09, Wed 07/25/2007
Run from C:\Documents and Settings\Administrator\Desktop\NewFIX\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [Version 5.2.3790] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\RsServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\serverappliance... Read more

A:Windows 2003 infected with Trojan & lots of pop ups Thanks for the help!

Please anyone can help me with this problem. This is my developer box and I cannot afford to format it. Thanks in advance again.
 

Read other 1 answers
RELEVANCY SCORE 78.8

Ok, I have lots of XP problems:

Can't open My computer from the desktop, the computer just locks up whilst attempting to open it, showing me the animated torch, saying it is looking for files.

The computer is running really slow, locking up and crashing programs for no apparent reason.

Cant access the drop down box (shortcut key F4) in windows explorer/applications/anywhere.

Internet explorer refuses to do anything if I type a web address without the http:// into the address box. It worked before, but now it isn't for some reason.

Finally, when I restart windows, it locks up for anything up to 5 minutes when it comes back up. The windows bar with the start button on, when I pass my mouse over it, the pointer turns to an hourglass and I am unable to do anything unti it sorts itself out.

I have tried running several anti virus programs, including AVG, Mcafee and Norton. Only AVG came up with a virus, 'Dialler'. I cleared this and it didn't make any difference. I alos tried system restore from several points, but each time it told me that it was unable to restore.

If ANYONE can give me any help at all, I would be extremely grateful.

Yours,

Wayne Donnelly.
 

A:Lots and lots of XP problems - I'm tearing my hair out

Read other 6 answers
RELEVANCY SCORE 78.8

PLEASE HELP ME! my computer is sooo SLOW and i dont know what is wrong with it. So please tell me Wich files i can Delete..
THNK YOU VERY VERY MUCH!
Logfile of HijackThis v1.97.3
Scan saved at 19:54:12, on 14/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
C:\Archivos de programa\Winamp\Winampa.exe
C:\ARCHIV~1\NORTON~1\navapw32.exe
C:\Archivos de programa\rb32\rb32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Orbit\update.exe
C:\Archivos de programa\Orbit\view.exe
C:\WINDOWS\webassist.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\rundll16.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Docume... Read more

A:Help PLEASE my computer is slow and i get lots and lots of popups

Read other 13 answers
RELEVANCY SCORE 77.6

First - thanks in advance for the help!

I (very very stupidly) tried to download the new southpark this evening, and before I knew it I was told I didn't have the right codec and now I have worm/trojan/virus/something.

The symptoms are thus:
Windows update will redirect me to google, and the search results that come up are garbage adware
Malwarebytes will istall if I rename the file, but won't execute once installed

I have also tried to install spybot search and destroy, but can't even get through the installation before I get an error and have to abort.

please help! and thanks!

-Andrew

A:Windows update redirects to google (lots o' crap once there), Malwarebytes will install but not run, other spyware programs...

forgot to post before - I'm running Windows XP service pack 3

Read other 5 answers
RELEVANCY SCORE 76

I'm getting lots and lots of pop ups from IE not Mozilla.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:32 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Fi... Read more

A:Lots and Lots of Popups I think I have a virus

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the remo... Read more

Read other 3 answers
RELEVANCY SCORE 76

My Dell Inspiron 530S running Vista (32-bit) Ultima has the very annoying habit of having a problem loadingb my user profile after it have been left logged into any other user (wife, or one of several daughters) Before I understood what the problem was I would simply shutdown and re-boot and I would seem to be back to normal. However, as I was trying to clean up the hard drive the other day, I noticed that the User director have 30+ extra profiles in it! They are in the form of TEMP.%computername%.000 thru TEMP.%computername%.030 - plus a few others that relate to a 'repair' of one my daughter's directory. I suspect that repair was faulty/incomplete but she seems happy with the directories she can access.
Questions:
1.) Why is it doing this? I have read other logon failure threads and have looked at the profile entries in REGEDIT
2.) Why doesn't takeown command allow me to get rid of all the excess USERS directory entries?
 

A:Lots and lots of user profiles

Read other 8 answers
RELEVANCY SCORE 76

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.
======================... Read more

Read other answers
RELEVANCY SCORE 76

Hello.... My worst nightmare just happened.... I think I've lost 100gb of data......
Ok here is how it happened: I have a Western Digital 200gb hard drive, on a 1200mhz cpu, so I needed somthing for my disk space barrier. So I got the latest LifeGuard Tools from the official WD homepage.... everything worked fine, untill yesterday, then I started getting the messages of a corrupt file or directory, and windows advised me to use scandisk... Because I have winXP I had to reboot the computer to run scandisk.

Well It looked like scandisk fixed something, but the files were gone... that was just a small problem because these were just 6 mp3's and I had a backup of them....

But this morning I couldn't open my hard drive (its an extra drive, the windows is on another drive so it works fine) so I rebooted again and ran scandisk..... and when it was done I could open the drive, but it was empty...... over 100gb of data gone....
And I don't have bakup for all of it (about 50%)....

Are my files gone, or is it possible to recover them... And is there any solution for this problem, or is this disk not safe?

Please help!!
 

A:Lots and lots of data lost

Read other 10 answers
RELEVANCY SCORE 76

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.
======================... Read more

Read other answers
RELEVANCY SCORE 75.6

Hey just wonderin' if anyone could help me look over my Hijackthis log.. I have tonnes of spyware (I think), and it's making my computer really slow!! If anyone could help, it'd be appreciated! Thanks in advance!
P.s -- I have installed and ran Adaware 6.0..

Logfile of HijackThis v1.98.2
Scan saved at 11:15:26 AM, on 31/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cle****arch\Loader.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Fil... Read more

A:Need Help...Lots of Spyware!!!

For the first part of it, search for the process name in Google...ie for 'C:\Program Files\Softex\OmniPass\OPXPApp.exe' you search for 'OPXPApp.exe'. There are a few sites that have a directory of process descriptions on which you will be able to find some helpful information.

As for the second part, the following is what I can recognize as bad:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Micro... Read more

Read other 1 answers
RELEVANCY SCORE 75.6

Thanks in advance! I am having lots of spyware and random ads, my homepage being changed, popups etc! I'll be honest, I visited some 'naughty' sites (usually don't hurt, but I guess I accidently clicked some links, yadda yadda yadda, I went to teh BAD 'naughty' sites.

Logfile of HijackThis v1.97.7
Scan saved at 11:26:04 PM, on 5/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SERVICES\WMPLAYER.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\APPLICATION DATA\OBRB.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\PRITOM\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=129825
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=129825
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explo... Read more

A:Can someone look at my HJT, I'm getting lots of spyware..

Yes..............you have a hatful of baddies in there.....no firewall and no antivirus program..no wonder

Go to http://computercops.biz/downloads-cat-14.html , and download the latest version of CWShredder by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds.
And remember to click "Fix" (Not "Scan only")
After its done its thing hit the"How do i prevent reinfection" tab....
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability which is how you got infected in the 1st place.

When it is finished restart your computer.

Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows re... Read more

Read other 3 answers
RELEVANCY SCORE 75.6

Hello! I'm experiencing a browser hijack, lots of pop ups coming up on almost every other page I visit, and major computer slowdown. I tried running CWShredder, but it didn't seem to do much. I ran Hijack This... maybe someone can make sense of this log. Any help would be greatly appreciated, thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:08:31 AM, on 2/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\Program Fi... Read more

A:Need help.. lots of spyware

Read other 11 answers
RELEVANCY SCORE 75.6

I am trying to clean up a computer for a friend and it is super slow. Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad. I've noticed MANY poker/casino entries in the programs list, and there are so many, I'm not sure how to get rid of them all! I've downloaded/run hijack this, so here is my log file. Please let me know how to proceed!

Thanks so much! Kristin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:14 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\lwinupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tren... Read more

A:Help! Lots of Spyware I believe

Hi khorsed1018,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Quote:




Today I have uninstalled Norton and McAfee because they were slowing the computer down so bad.




No Wonder it was running slow... Running more than 1 anti-virus can slow down a computer. Please install only one active Anti-Virus, so that this computer is protected.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options &... Read more

Read other 16 answers
RELEVANCY SCORE 75.6

Logfile of HijackThis v1.97.7
Scan saved at 6:07:23 PM, on 6/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\StoreFlag\dart trust.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\ACSSetup.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Rogers\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Ex... Read more

A:Lots of spyware

Read other 10 answers
RELEVANCY SCORE 75.6

Im getting many pop ups and ads and my virus scanner finds around 4 trojans a day i remove the ones i can but they just come back, i would re install my windows but i have a custom pc and i do not have all the software for my parts.

Here are some that ive been getting
www.ameana.com
www.broadcaster.com
I've been getting the winantiviruspro and winantispywarepro ive used several spyware and ad removal software like XoftspySE, spywareblaster spybot search and destroy. but it just keeps coming back
Some Virus that im getting are
Trojanhorse Generic
Trojanhorse Collect and more like that but i cant remember them.

Here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 16:19:45, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\a... Read more

A:Lots of spyware( i think)

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 7 answers
RELEVANCY SCORE 75.6

Logfile of HijackThis v1.99.1
Scan saved at 4:36:33 PM, on 4/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\windows\system32\oreiekr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\packager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\ldtitk.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROG... Read more

A:Please help lots of spyware

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download FxIstbar and run it.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\windows\system... Read more

Read other 1 answers
RELEVANCY SCORE 75.6

Logfile of HijackThis v1.99.1
Scan saved at 10:00:09 AM, on 22/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cusrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - De... Read more

A:Lots of Spyware

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when a reply has been made.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 75.6

Hello, I just scanned my pc and I know it is just filled with goodies. Can someone please help me delete any and all spyware. I do use Adware, zonealarm, and have yahoo DSL. Thanks in Advance
Logfile of HijackThis v1.97.7
Scan saved at 11:05:18 PM, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\... Read more

A:Lots of spyware PLEASE HELP ME!!!!!!!!!!!!!!

Read other 6 answers
RELEVANCY SCORE 75.6

Hi, can someone help me please i have no where else to look =D

when i scan with, Spybot and MSAnti Spyware i got many spyware, these include,

ISearchTech.PowerScan
ISearchTech.SideFindISearchTech.ISTToolbar
ISearchTech.ISTXXXToolbar
DyFuCa.InternetOptimizer
180SearchAssasitant
and a few more

no matter what i have done (removed them with all Adware removal programs such as AdAware) they still come back and i have random proccesses running up every often out of no where such as msnmssrg.exe etc and things like ftp.exe dwwin.exe - I dont know what else to do

Here is my hijacklog someone please help me and do you think it could of something to do with the network? like installed some secret firewall because whenever i try to do a newtwork i know get errors and it only just started when i got all this spyware,

i think its something like Win32.RBot something that installs things day after day because ive tried deleting regestry settings and the folders in the program files and it still doesnt work

so i come for some expert help =D

heres my HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 22:22:09, on 31/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS�... Read more

A:Spyware and lots of it

Hello RaxeN and welcome to BleepingComputer.Your log shows that you are seriously behind on windows updates. It is essential that you update your operating system as otherwise any infections we remove could reoccur. After we get you all cleaned up, be sure to go to Windows Update and if it asks to install software, allow it to do so. Install the offered Critical and Security updates, reboot as requested and return until you have installed all available Critical and Security updates.You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder.Create a folder on the C: drive called "C:\HJT". You can do this by opening My Computer then double click on Local Disk (C:). In a clear area right click and select New then Folder and name it "HJT". Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder.Open the Control Panel then double click on Add/Remove Programs. Look for the following and uninstall them if found:- 180solutions- InternetOptimizer- IST Toolbar- SideFind- SideSearchor anything named similar to what you have seen listed in other scansConfigure Windows to enable viewing of Hidden and System files. Reboot into Safe Mode.Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:O4 - HKLM\..\Run: [Main Board ... Read more

Read other 2 answers
RELEVANCY SCORE 75.6

My sister came home and borrowed my PC over the thanks giving break. She downloaded a bunch of stuff, and left me the presant of tons of spyware!

Took me about 10 mins to get to this page... Random programs are installing themselfs, i all of a sudden have a new tool bar that I've never seen before, a new list is in my favorites menu or stuff i didn't even install.

I usually run adaware once a week, and it always comes out clean. yesterday i ran it and it found over 500 bugs. I cleared them all and did it in safe mode. No matter what I do i can't get rid of this! PLease help!!! I am begging! This is a recent hijack this scan

Logfile of HijackThis v1.98.2
Scan saved at 6:01:10 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ssorpk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common F... Read more

A:Help!!!!!!! Lots of spyware need help!

Read other 11 answers
RELEVANCY SCORE 75.6

When i run spybot s&d it picks up a lot of spyware. also avg sayas there is a trojan in the machine. I am also getting a lot of pop-ups. please help. thanks.


Logfile of HijackThis v1.99.1
Scan saved at 8:38:25 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C... Read more

A:Lots of spyware

Hello and welcome to TSF

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you. Please allow it.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 4 answers
RELEVANCY SCORE 75.6

helllo everyone!
i am getting lots of pop-ups for malicious software removal wizard etc,i am running adaware and spy bot ,they cant detect anything,i did panda scan and it detected more than 20 spywares,i am posting my hijack file,plz tell me what to do!
thanx in advance,im a new member i hope you guys would help me!

Logfile of HijackThis v1.99.1
Scan saved at 6:01:15 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\syst... Read more

A:Lots of spyware :(

Hi, PNECEngg.

Welcome to TSG.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button... Read more

Read other 3 answers
RELEVANCY SCORE 75.6

Hi - Could someone please help me and tell me what to do from here? I downloaded HijackThis and the log is below. Any insights?Thanks so much!Logfile of HijackThis v1.99.1Scan saved at 12:52:17 AM, on 11/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\Documents and Settings\Eric Pfeil\My Documents\Eric's\SFUninstaller.exeC:\Documents and Settings\Eric Pfeil\My Documents\Eric's\SFUninstaller.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\STOPzilla!\szntsvc.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\... Read more

A:Lots Of Spyware

--------------------------------------------------------------------------------------------------------------------Hello,It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!First, go to start > controlpanel > software > add/remove programs and uninstall next if present:SpyFighter This is a so called spyware remover with a bad reputation.I also see you have Viewpoint installed:Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerPartypoker is also present on your system. In most cases this is getting installed without users knowledge, so I recommend you uninstall it if you don't use it.And I see Limewire and Kazaa. Both are known P2P programs which are bundled with spyware. Even Kazaa lite is, although they say they are not. That's why I strongly recommend you uninstall them as well.Read this article for alternatives that will provid... Read more

Read other 5 answers
RELEVANCY SCORE 74.4

The other day I got ahold of some spyware and its completely trashed my comp. I keep having my desktop changed to something saying I have a spyware problem, my homepage pops up as a spyware page, and I get nonstop spyware popups. Any help to get this thing clean would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:06 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE... Read more

A:Lots of Spyware problems

You have a MESS!!!!!! - Do ALL of the following

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum
=====================

NOTE: If you have downloaded ComboFix previously please delete that ... Read more

Read other 2 answers
RELEVANCY SCORE 74.4

Problem: Internet Explorer won't open any webpages. There's something (I believe it's some kind of spyware) that's redirecting all the web pages to diffrerent places (on the status bar, it's going from one website to another when I type in one website, like google). I did many spyware scans and many anti-virus scan, and removed alot of spywares already, but it's still not clean. Please help! Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:10 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\Common Files\New... Read more

A:Lots of spyware in the computer! Help!

I know I shouldn't do this, but I did a new scan with HiJackThis and here's a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:33 PM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Canon\CAL\CA... Read more

Read other 2 answers
RELEVANCY SCORE 74.4

I have a lot of viruses, and spyware/malware...etc ...I keep getting unauthorized downloads onto my desktop and my computer is loading incredibly slow....

Here is an HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:23 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:... Read more

A:Lots of viruses/spyware/ads...etc Please HELP

I don't see any anti-virus software running.
Load AVG it's free.

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running ... Read more

Read other 1 answers
RELEVANCY SCORE 74.4

Logfile of HijackThis v1.97.7
Scan saved at 9:11:10 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\documents and settings\christine page\local settings\temp\zYu0JQU8.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\ntpconv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\... Read more

A:lots of spyware...hijackthis log

Read other 9 answers
RELEVANCY SCORE 74.4

Hi guys. First time poster so please bare with me. A couple of days ago i successfully removed a few spyware and trojans from my gfs computer. However in doing so I seem to have infected mine with a lot more. I honestly have no idea where they came from...probably a rogue anti-spyware download or something like that. Im getting more infections by the day and I cant seem to get rid of them. I have followed the 5 recommended steps before posting here however the panda online antivirus would not work for me. It kept saying error during update and I could'nt proceed any further. Im getting lots of random pop ups in both IE and Firefox. Plus a frequent 'buffer overrun' which is incredibly annoying. The original infections that spybot detected are the following:

MediaPlex
Virumonde
Zango
Zlob.Downloader.oid
Zlob.Downloader.vdt


I have run spybot more than once and it keeps finding occurences of the same spyware so im assuming it just cant remove them. Any help would be appreciated. Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by Sam on 2008-04-29 11:26:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-04-28 21:29:09 UTC - RP326 - Scheduled Checkpoint
8: 2008-04-27 23:14:41 UTC - RP325 - Removed iTunes
7: 2008-04-27 02:29:34 UTC - RP324 - Windows Update
6: 2008-04-26 2051 UTC - RP323 - Scheduled Checkpoint
5: 2008-04-24 21:17:20 UTC - RP322 -... Read more

A:Help, lots of spyware infections!

Hello, Welcome to TSF
I'm nasdaq and will help you.

Familiarize yourself with this combofix tool.
http://www.bleepingcomputer.com/comb...o-use-combofix

It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

Please Note:

1. Disconnect from the internet. Unplug the cable from the wall.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Read other 1 answers