Over 1 million tech questions and answers.

Annoying Spyware [outerinfo, Etc]

Q: Annoying Spyware [outerinfo, Etc]

so my laptop is pretty swamped with spyware. very often my browser pops up with outerinfo or other ads that force all browser pages to close. in addition some popups routinely crash explorer and cause the taskbar and desktop to reset. i really need a reliable non-system hog of a spyware protection proggie; zone alarm just absolutely decimates system resources. in general my computer's operation has been slowed drastically (nearly to a crawl). also as i'm typing this my cursor randomly jumps up to different areas forcing me to re-click where i was typing. this is very annoying and just started happening recently.

heres my recent HJT log. there doesnt seem to be much on it. am i forgetting something?
i know on msconfig i disabled quite a few startup items that seemed erroneous.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:15 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\F?nts\??erinit.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Jar] C:\WINDOWS\system32\F?nts\??erinit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 2584 bytes

RELEVANCY SCORE 200
Preferred Solution: Annoying Spyware [outerinfo, Etc]

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Annoying Spyware [outerinfo, Etc]

HiNavigate into C:\Program Files\Trend Micro\HijackThis folder and rename HijackThis.exe file -> geoffre.exe. Post a fresh hjt log after renaming is done

Read other 2 answers
RELEVANCY SCORE 58.8

hey guys last post i did you never responded so i am hoping that you respond this time. I keep having this outerinfo problem and other various vundo.variants and trojans. I will post my hijackthis log and anything else you guys can help me with.

thanks in advance
you guys are such a big help

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:21:10 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSp... Read more

Read other answers
RELEVANCY SCORE 53.2

I've used Spybot S&D and Ad Aware. Both of them clean things up, and I used AVG free virus protection. I installed my windows updates, did McAfee stinger, and CCleaner and put in Sygate firewall. And, Things keep coming back. I even used VundoFix which seemed to get rid of some stuff, but then there was still more.Popups appear that say "Advertisement for Outerinfo" - usually three of them pop up together with IE. I use firefox.Then, more stuff is always found by Spybot. Sometimes I've also been getting a popup that says "Server Busy" and it has two boxes "Switch to..." and "Retry" - but it looks like it's probably a spyware popup, not a real thing. I've tried a lot, so now I come to you for help. Thanks for taking the time to look at this - DanielHighjackThis log....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:17:21 PM, on 12/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Lavasoft\Ad-Aware ... Read more

A:Outerinfo Popups - Neverending Spyware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum durianloverMy name is Richie and i'll be helping you to fix your problems.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.10. Click the Change/Remove button.11. Repeat as many times as necessary to remove each Java version.12. Reboot your computer once all Java components are removed.13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Res... Read more

Read other 10 answers
RELEVANCY SCORE 52.4

Hows it going? recently my computer started doing a whole bunch of things it has never done before and i think it all started with a program called outerinfo that appeared on my computer at the same time all this started happening. trend micro pc cillin internet security 14 came with my computer and is showing me about 10 infected files on my computer with various trojans. ive tried to manually delete and it says the file is in use or write protected. next 2 new icons appeared in my system tray that i do not trust. one is a red circle with an x in it. it says it is windows antivirus and i should download some spyware even though i already have it and i just downloaded AVG antispyware yesterday. the other icon is a yellow triangle with an exclamation point in it. when you hover the mouse over it, it says "your computer is infected"
i have a combofix and a hijackthis log. any help is very much appreciated. thank you.

Combo Fix Log
ComboFix 08-01-23.1C - Bob G 2008-01-25 21:23:24.1 - NTFSx86
Running from: C:\Documents and Settings\Bob G\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\BOBG~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bob G\Application Data\macromedia\Flash Player\#SharedObjects\5W7GUH3M\www.broadcast... Read more

Read other answers
RELEVANCY SCORE 52.4

Whats up first time poster to this site just looking for some help with this menacing virus which is attacking my computer. The vundofix found an infected system file but was unable to delete live or on reboot. The following is my hijackthis log and combo fix log. Any help would be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:42:19 PM, on 10/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\pirdelmy.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\winshow.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exeC:\WINDOWS\?icrosoft.NET\m?hta.exeC:\PROGRA~1\PANICW~1\POP-UP~1\... Read more

A:Outerinfo Fake Spyware Removal Virus

Hi miamifan22 and Welcome to the Bleeping Computer!Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stallAfter posting those logs,please consider these free options for some Antivirus and Firewall Software to help secure that machine. Avira AntiVir PersonalEdition ClassicandZone Alarm Free

Read other 3 answers
RELEVANCY SCORE 52.4

Hello..
Can someone please help me? I have been getting popups for 3 days now...used Avast, my anti-virus. It is saying that there is something called Outerinfo, I downloaded SpyguardPro by accident thinking it would work, and also my Sophos anti-virus is saying I have a troj/virtum-gen, troj/dloadr-BGU, and WinAntiVirusPro in my quarantined items. And now, the resolution on my computer is HUGE, and I can't change it! Here is my attached information:


Deckard's System Scanner v20071014.68
Run by KatieD on 2008-01-24 08:38:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-01-24 13:39:26 UTC - RP901 - Deckard's System Scanner Restore Point
44: 2008-01-24 13:26:58 UTC - RP900 - Software Distribution Service 3.0
43: 2008-01-23 14:08:43 UTC - RP899 - Removed Apple Mobile Device Support
42: 2008-01-23 04:43:36 UTC - RP898 - Removed iTunes
41: 2008-01-23 04:33:54 UTC - RP897 - Removed Apple Software Update


-- First Restore Point --
1: 2007-12-16 12:04:25 UTC - RP857 - Installed Windows Live Messenger


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulati... Read more

A:Virus/Spyware Problems Outerinfo? SpyguardPro?

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 1 answers
RELEVANCY SCORE 45.2

Hi there,I posted this on another forum, but I don't believe it was exactly where it should have been.I have been experiencing annoying pop-ups lately that appear to be false threats, System Alert: Malware threats and another that states Critical system error. Both of these would like me to purchase new spyware software. I have software for this, but this stuff slipped through somehow. I have already scanned numerous times and my system has not found any viruses or high threats. I'm not sure what to do now... I downloaded hijackers and here is my log...Logfile of HijackThis v1.99.1Scan saved at 4:51:48 PM, on 9/17/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\EARTHL~2\PROTEC~1\ADSSER~1.EXEC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mclogsrv.exeC:\PROGRA~1\McAfee\MSC\mcupdmgr.exec:\program files\c... Read more

A:Annoying Pop-ups; Spyware?

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

Read other 1 answers
RELEVANCY SCORE 45.2

My computer recently got infested with spyware. I managed to get rid of most of it with adaware and spybot but one remains. Spybot recognised it as 'command service' but will not delete it due to it being used by memory. All this thing does is slow down my computer when connected to the internet by opening heaps of Norton Anti virus email scans. How on earth do I get rid of this?
 

A:Really annoying spyware

Read other 16 answers
RELEVANCY SCORE 45.2

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:08 PM, on 6/2/2009Platform: Unknown Windows (WinNT 6.01.3004)MSIE: Internet Explorer v8.00 (8.00.7100.0000)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Logitech\SetPoint\LBTWiz.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\Hp\HP Software Update\hpwuSchd2.exeC:\Users\charles\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\Opera\Opera.exeC:\Program Files\Digsby\lib\digsby-app.exeC:\Program Files\Digsby\lib\aspell\bin\aspell.exeC:\Windows&#... Read more

A:annoying pop up spyware

Hello and welcome to Bleeping Computer. Sorry for the delay the forums here at BC are alwaysvery busy and we do are best to keep up. If you no longer require any help could you let me no please, so this topic can be closed.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.First I would like to see a new log since alot could have changed since your origional post.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

Read other 2 answers
RELEVANCY SCORE 45.2

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

Read other answers
RELEVANCY SCORE 45.2

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreat... Read more

A:Please Help With Annoying Spyware

http://forums.techguy.org/security/487179-annoying-spyware-keeps-coming-back.html
 

Read other 1 answers
RELEVANCY SCORE 45.2

Basically, there's some stuff that got on to my computer that i need to get rid of, because it's causing annoying pup-ups. Here is my HJT log so you can help me quickly:Logfile of HijackThis v1.99.0Scan saved at 9:59:25 AM, on 5/1/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\svchost.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\WINNT\popuper.exeC:\WINNT\system32\msole32.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Network Associates\VirusScan\SHSTA... Read more

A:OMG, annoying spyware on my PC!

Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exeO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Virtual Maid... Read more

Read other 8 answers
RELEVANCY SCORE 45.2

Hey guys, for a couple of days there has been these pop up windows coming up on Internet Explorer even though I haven't used IE. Also sometimes music starts playing out of the blue, I guess it's a commercial or something.

I've seen some strange processes in the task manager: a.exe, b.exe, c.exe, msb.exe, 648.tmp.exe... btw I'm running XP sp3. Thanks for your help

Here's DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by gurlie at 20:44:09,95 on 2009-06-22
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.445 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program\EeePC\ACPI\AsTray.exe
C:\Program\EeePC\ACPI\AsAcpiSvr.exe
C:\Program\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Elantech\ETDCtrl.exe
C:\Program\Elantech\ETDDect.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsg... Read more

A:Annoying Spyware, Help please

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

I am very cautious about spyware, and I usually have none, but lately spybot always finds "Avanue A, INC", "Double CLick", and "Hit Box"

I never had theese before and i dont understand why they are there everytime I run a check.

Any ideas?
Thanks.
 

A:annoying spyware

Read other 7 answers
RELEVANCY SCORE 45.2

How can i remove spyware that keeps coming back after i have used various spyware removers?

A:annoying spyware

Ask the folks at this Forum Here.

Read other 2 answers
RELEVANCY SCORE 45.2

hey

Ive been recently getting alot of popups from the url-
http://empnads.com/servlet/ajrotator/117283/0/viewHTML?zone=enternet
ive run a number of virus chekers and spyware blokers who have claimed to of found nothing and yet the popups still appear. in the time i have written this email 6 popups have continued to show.

how do i get rid of this crap ?

please help
thanks
 

A:annoying spyware........

make a new permanent folder, name it hijack, click on the above link to download hijackthis to that folder. after unzip the file, run it, and make a hijack scan and save it, copy the log and post it.

http://www.majorgeeks.com/download3155.html
 

Read other 3 answers
RELEVANCY SCORE 45.2

uhhmmmm....yeah...srry about the double post on another forum topic...didnt read correctly...anywaysi would like some help removing suspected spyware from my computer. i already downloaded and used spybot search and destroy and windows defender, but advertisements still keep showing up. on bottom bar of my desktop, there will sometimes be a flashing yellow triangle with a ! on it, and sometimes another shield looking icon the switches between the color blue with a ? and the color red showing X.whenever i click on the icon or the bubble coming from it, it guides me to a site selling malware removal. sometimes ill receive a pop up advertising for more malware removal programs. right now, the browser i use is called safari, which i got from apple. heres the log i got from hijackthis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 下午 03:17:01, on 2008/2/24Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\eTrust EZ Ar... Read more

A:Annoying Spyware Ads

Hello,* Please download SmitfraudFix (by S!Ri)* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Doubleclick SmitFraudFix to start the tool.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process.Post the log from smitfraudfix in your next reply together with a new hijackthislog.The report can also be found at the root of the system drive, usually at C:\rapport.txt

Read other 19 answers
RELEVANCY SCORE 45.2

Ive got some annoying spyware/adware thats been bugging me for a week. Keeps redirecting my google searches and such. Its only when I search and click on a link that it redirects, if I put the sites url in the address bar it connects fine. My free avg either didnt find it or didnt delete it. Help me out please.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:55 PM, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WIN... Read more

A:Annoying Spyware

Read other 7 answers
RELEVANCY SCORE 45.2

Hi,I have annoying pop ups every time I use my Internet Explorer.... I have ran Spybot and AdAware and Windows Defender as well and apparently it has not corrected the problem. I have included a HighJackThis log file for your review...Can anyone tell me how to remove this pesky spyware??Thank you!Logfile of HijackThis v1.99.1Scan saved at 8:30:02 AM, on 6/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Wi... Read more

A:Spyware/ Annoying Pop Ups

Hello Raines,

I am currently analysing your log and post back a fix ASAP. Thanks

Read other 6 answers
RELEVANCY SCORE 45.2

I seem to be infected by some annoying spyware/malware that produces pop-up ads and short audio clips with or without a browser open. With the ethernet cable disconnected, every few minutes I can hear the Windows "open program click" like a program is trying to open. Not to mention it has slowed the computer way down. I am running Windows XP. Here is the HijackThis log. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:27 AM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ControlSS\ControlSS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\An... Read more

A:Annoying Spyware Plz Help!

Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:
Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like ... Read more

Read other 3 answers
RELEVANCY SCORE 45.2

Hi all,

I never had a chance to get rid of the last spyware because i've been busy with school, but it hadn't caused too much problems - today though I found some more new programs that keep opening up pop-up windows anytime I log into the Internet. Here is the Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:08:19 PM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program File... Read more

A:Some more annoying spyware

Read other 7 answers
RELEVANCY SCORE 45.2

having problems with annoying spyware alert, will not close or delete any suggestions??

A:Annoying Spyware

Based on your very short description, it is hard to tell exactly what problem you are having, but let's give this a try:Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Download SmitfraudFix (by S!Ri)Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the c... Read more

Read other 1 answers
RELEVANCY SCORE 45.2

hey, I'm new to this game

I seem to have been hijacked by the 4bf65.ilxt hijacker and get bombarded with popups

can any one help please

hijack this file follows

Logfile of HijackThis v1.98.2
Scan saved at 21:55:31, on 11/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft2\AVG6\avgserv.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Digital Access USB\gsyno.exe
C:\PROGRA~1\Grisoft2\AVG6\avgcc32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.... Read more

A:Annoying spyware

Read other 8 answers
RELEVANCY SCORE 45.2

I've got a laptop that is up to date with all the current MSFT security patches and my spyware and virus removal software is up to date. However I still have spyware that I cant detect and remove. I just ran Spybot and it said my system is clean. This is not the case. I ran HijackThis and this is the log file. Any help you can give me would be wonderful:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:46 AM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wir... Read more

A:Annoying Spyware

Read other 16 answers
RELEVANCY SCORE 44.4

Hi. I've been plaqued with spyware that simply will not disappear regardless of what I try. I've done SpyBot, Adaware 6, HJT (just removing things that I was sure didn't belong), Norton AV 2005. I've removed files in Safe Mode. etc. etc. It just keeps reinstalling itself and drives me nuts with notifications from my WebRoot Spy Sweeper. ISTSVC, Windows Ad Service, Bargain Buddy. You name it, I seem to have it. I've attached my latest HJT log. Logfile of HijackThis v1.98.2Scan saved at 8:11:53 PM, on 1/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WIND... Read more

A:annoying spyware problems

Adaware 6.0 is no longer supported. Download and run Adaware SE 1.05.Download, run, and configure AdawareDownload Ad-aware SE from: http://www.majorgeeks.com/download506.htmlInstall the program and launch it.First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.Next, we need to configure Ad-aware for a full scan.Click on the Gear icon (second from the left) to access the preferences/settings window1. In the General window make sure the following are selected: * Automatically save log-file * Automatically quarantine objects prior to removal * Safe Mode (always request confirmation)2. Click on the Scanning button on the left and select : * Scan Within Archives * Scan Active Processes * Scan Registry * Deep Scan Registry * Scan my IE favorites for banned URL?s * Scan my Hosts file * Under Click here to select drives + folders, choose: * All of your hard drivesClick on the Advanced button on the left and select: * Include additional process information * Include additional file information * Include environment informationClick the Tweak button and select: * Under the Scanning Engine: o Unload recognized processes & modules during scan o Include additional Ad-aware settings in logfile * Under the Cleaning Engine: o Let Windows remove files in use at next rebootClick on Proceed to save the settings.Click Start and on the ne... Read more

Read other 7 answers
RELEVANCY SCORE 44.4

I just removed a ton of spyware with spybot S&D, adaware(and vx2 cleaner), ran spyblaster, and am using macfee virus scan. All of the programs were updated before running them. I am running XP with sp2. I am still getting a pop up(independent of me using a browser) or two here and there with IE and firefox, which both are instructed to block any popups. I will post below my hijack log, but I am pretty sure everything in the highjak log is safe. Please help me finish off the spyware.

More important? info. I have ran the vx2 cleaner then i reboot, and i can delete the .dll file that is causing troubles and it goes away. Then I reboot and there is a new one under a different name right in its place. run the cleaner, reboot, same thing. I try finding the new .dll that adaware brings up but it is never there, which is why it must be so easy to delete. So I am sorta lost as to how to find what is creating this new dll file every time.

Logfile of HijackThis v1.98.2
Scan saved at 5:14:53 PM, on 10/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system3... Read more

A:spyware getting real annoying

i can delete the .dll file that is causing troubles Click to expand...

Do you know what the dll is?

Your log is not showing what is going on so you need to reboot and let the bad guy take over, then post a log for us.
 

Read other 2 answers
RELEVANCY SCORE 44.4

Hi there,

How do I get rid of my spyware? I did run ad-aware and spybot, but still some rubbish keeps hiding on my computer. This is my file:

Logfile of HijackThis v1.95.0
Scan saved at 20:31:12, on 09-08-2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\PROGRAM FILES\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\MSMSGS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\NYMZLVP.EXE
C:\PROGRAM FILES\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTASK.EXE
C:\PROGRAM FILES\COMMONSEARCH\VCATCH\VCATCH.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\... Read more

A:[solved]Annoying spyware

Read other 16 answers
RELEVANCY SCORE 44.4

I've included my Hijackthis log because my computer recently got a whole bunch of new programs that I did not agree to download. Unless a family member accidentally clicked on something (which is highly likely) then these programs seemingly came out of nowhere. They are things like annoying toolbars (possibly called blahchinaudio that I already deleted), I'm getting high amounts of popups now, desktop icons like "Internet" "Casino" "Online Shopping". It added tons of things to my favourites list, and I highly suspect it's using a lot of my computer's resources because my computer is going very slowly and is always making the little clicky thinking sound. I've already run adaware and that hasn't solved anything so I was wondering if anyone here could possibly help me. Thanks a ton in advance!Logfile of HijackThis v1.98.2Scan saved at 1:16:39 PM, on 22/09/2004Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\SSDPSRV.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\LEXBCES.EXEC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\WINDOWS\SYSTEM\mmta... Read more

A:annoying spyware. hjt log included

I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lefysrirfwyqdfepokhwtw.com/OnQh...yifTH2Z5GS.htmlO4 - HKLM\..\Run: [glue wait] C:\PROGRA~1\LICENS~1\forkaxisbyte.exeO4 - HKLM\..\Run: [LICENSE CAST IDOL LONG] C:\WINDOWS\All Users\Application Data\load flap license cast\sixth bias.exeReboot your computer into Safe ModeThen delete these files or directories (Do not be concerned if they do not exist)C:\PROGRA~1\LICENS~1\forkaxisbyte.exe < -- Search for and delete file and directory it is inC:\WINDOWS\All Users\Application Data\load flap license cast\Reboot your computer to go back to normal mode and post a new log.

Read other 5 answers
RELEVANCY SCORE 44.4

I have the same problem as the guy in this thread but I presume i have to post my own hijack this log. Any help will be greatly appreciated.

http://forums.techguy.org/security/513261-solved-isamonitor-exe-isamini-exe-2.html
 

A:Annoying spyware stuff

Read other 15 answers
RELEVANCY SCORE 44.4

hey guys , yesterday night i ended up infecting myself with spyware or a virus i have no idea , i was looking for something online , downloaded a file which had .zip.exe without me noticing , and i ran it like an idiot. What happened exactly after i ran it is numerous " Windows Warnings " which can be seen in the picture i attached. Is also launches tabs in firefox for some spyware removal site. So far i have tried the following -- Ran Ad-Aware - Full System scan Ran Spybot Search&Destroy - Full system scan Ran AVG Free edition - Full Scan Anyways , if any more information is needed just let me know , il provide it as needed , i hope someone can lead me in the right direction.Hijackthis log ------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:57:34 PM, on 2008-05-07Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\xampp\apache\bin\apache.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.5.0_07\bin\jusch... Read more

A:Annoying Spyware/virus?

I would highly appreciate any feedback , i noticed my thread was bumped back to the 3rd page in less than an hour! busy busy

Read other 8 answers
RELEVANCY SCORE 44.4

First at all I apologize for my english, isn't my native language.

I have try all that I know, spybot, lavasoft adware, trend micro pc-cillin.

The pccillin detects a virus everytime I open a new internet address, besides I have to open them from "my documents" folder because everytime I open internet explorer it get hijacked.
The viruses I can't get rid off are crxr.exe, javaol32.exe, iekp.exe, ietf.exe, appgp32.exe, troj_agent.ale, troj_agent.kt, troj_startpge.cp, and with a new page, I get another virus. I put them in Quarantine, but everytime I run pccillin they apear again. : Don't know what to do.

I hope someone might help me. Thank you.

This is my resutl from hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 02:01:59 p.m., on 19/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\ARCHIVOS DE PROGRAMA\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\ARCHI... Read more

A:annoying virus and spyware... Help please

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. When we have confirmed that your log file is clean, you may enable System Restore again by following the s... Read more

Read other 3 answers
RELEVANCY SCORE 44.4

i have recently been bugged by some spyware that will not go away
i have tracked it down and it is part of lop.com or mysearchnow.com
other people with this similar problem have gotten rid of the problem with hijackthis.

can someone help me with this log?
Logfile of HijackThis v1.97.7
Scan saved at 12:20:15 AM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Anti-Virus\navapsvc.exe
D:\Program Files\Norton Anti-Virus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\desk98.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\program files\Quicktime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?htt... Read more

A:help on some annoying spyware removal

Rescan once again with hijack and put a check next to each of the following thgen close all browser windows..
O2 - BHO: (no name) - {15BE954A-D95E-6976-9F4F-2B053871AE7C} - C:\PROGRA~1\PROGRA~1\Inside Sixth.exe

O2 - BHO: (no name) - {6BEC99E8-E478-9255-21D4-082D6CD78C3D} - (no file)

O4 - HKLM\..\Run: [Obj blah ooze junk] C:\Documents and Settings\All Users\Application Data\Findcdromobjblah\Flaw Link.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
Then reboot your system into safe mode
 

Read other 1 answers
RELEVANCY SCORE 44.4

hello.I have been having a problem with spyware latley. I have Spyware blaster installed, Spyware doctor, Nod32, spybot search and destroy, panicware pop up stopper, registry booster and registry mechanic, yet STILL i get all this spyware.Is there ANY software out there that is free (preferably) that PREVENTS spyware from being installed in the first place (like spyware doctor and spyware blaster) and removes them, without using too much memory (spyware doctor takes up a LOT of memory)?i am suprised that have so much spyware/viruses because i have several very reliable programs installed.... which ones should i get rid of if any ?here is my Hijack this Log:Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\SCardSvr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MD... Read more

A:Annoying Spyware Problem

Hello,* Please download VundoFix.exe to your C:\.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will shutdown your computer, click OK.Turn your computer back on.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.After reboot,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\hggecya.dllO2 - BHO: (no name) - {F487265D-4452-4B7F-9E0B-67732A7A8CAD} - C:\WINDOWS\system32\efedc.dllO3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)O20 - Winlogon Notify: efedc - C:\WINDOWS\system32\efedc.dllO20 - Winlogon Notify: hggecya - C:\WINDOWS\SYSTEM32\hggecya.dllO20 - Winlogon Notify: yayww - C:\WINDOWS\* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

I have a HJT log saved and it' listed below. The situation is that a syware/trojan is active. It creates a window and an alert on the task bar on the bottom right of the toolbar that displays-System perfomance monitor:Warning Summary: System performance slowed down by: 47% Internet connection speed decreased by: 39% Probable Reason: Spyware applications/Adware popup windows Click on this baloon to download spyware scan to remove spyware/adware applications. Very annoying!!!

Please scan over this and help asap, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:32 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchAssist\bin\dgrpsetu.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\pr... Read more

A:Annoying Spyware popup

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 44.4

have recently been bugged by some spyware that will not go away
i have tracked it down and it is part of lop.com or mysearchnow.com
other people with this similar problem have gotten rid of the problem with hijackthis.

can someone help me with this log?
Logfile of HijackThis v1.97.7
Scan saved at 12:20:15 AM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Anti-Virus\navapsvc.exe
D:\Program Files\Norton Anti-Virus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\desk98.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\program files\Quicktime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/i...://www.msn.c... Read more

A:annoying spyware wont go

Read other 14 answers
RELEVANCY SCORE 44.4

A computer in my household has very recently come under some heavy spyware fire (I don't know how, not mine) and while I have removed most of it, a very annoying one remains. The desktop background is covered by a blue screen with a message informing me that the pc is infected with spyware, and the are an annoying amount of ads popping up while browsing in Mozilla Firefox... it seems this is a popular problem at the moment...?
Running Hijack this in safe mode reveals:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:56 PM, on 26/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Your name\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ct... Read more

A:Solved: very annoying spyware

Read other 10 answers
RELEVANCY SCORE 44.4

Hello,Thanks for helping me out. This seems like a last resort for me. For the past week I keep getting this annoying pop-up. This is what it says.'Your browser is under the threat of infection. Windows requires your permission to install online protection tool.' Then it goes on saying my browser is in unsafe mode. My browser (IE 8) is in safe mode. If I allow the pop-up to download this so-called tool, it asks me to run this strange filename, and usually each time its a different file. I search for the filename online and there are 0 results for it. I never allow it it to download and just click out of the pop-up.I know I have some type of spyware/malware/virus because I also cant update my trend micro, windows, or any other anti-virus software that I download, such as malwarebytes, spybot, or Housecall. By the way malwarebytes only finds 2 infected files each time I scan and deletes them. It finds 'trojan.dnschanger' or something like that and its always these 2 files which tells me these files keep coming back.Everything else works on my computer. Right now the only anti-virus software I have is trend micro 2010.Below are my Hijackthis logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:47:53 AM, on 4/4/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng... Read more

A:annoying malware/spyware pop-up

Hello mike4262 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.In order to better assist you I will need the following:Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your ... Read more

Read other 25 answers
RELEVANCY SCORE 44.4

I am getting some pop-ups that run when I log on. Also I now have word links on all the web pages I am viewing. Certain words will be in green and will be a link to some search.

I have ran both Ad aware and spybot. I ran a Hijack this and here it is. I have deleted the HKCU Pop up search but it keeps coming back.

Could I get someone to review my Hijack this log and help a total computer klutz get his system squared away?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zl... Read more

A:Annoying spyware stuff

Read other 14 answers
RELEVANCY SCORE 44.4

Recently I've had problems with malware that changes my wallpaper, and restricts my access online. Help? This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:17 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphclfnj0etda.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\pphclfnj0etda.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\sys... Read more

A:Help! Annoying Spyware and Malware?

Hello trishax3

We have a special forum for cleaning the logs. I will get someone to move this thread over there.

In the meantime please follow the instructions below and post the required logs in this same thread

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs in the HijackThis Log Help forum.
http://www.techsupportforum.com/secu...this-log-help/

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please be patient when waiting for a reply. This forum is very busy and someone will help as soon as possible.

Thanks

Read other 1 answers
RELEVANCY SCORE 44.4

hi

I have some sort of malware or virus on my computer that causes a big pop-up that covers the whole window to pop-up every 5-10 minutes when I have mozilla open. aside from that it seems to make things run a bit slower, so it's not incredibly horrible but it's still pretty annoying.

I have the free version of AVG antivirus and Malwarebytes anti-malware, I've run scans using both programs a few times and they always find infected files, but after I remove/quarantine them the problem still persists. also, if I run the malwarebytes' scan and remove all infected files, then run it again right after, it will find more infected files that it missed the first time around, so somehow the malware/virus is fooling the scanning programs.

has anyone else run across anything like this? anyone know how to fix it? thanks

A:annoying virus/spyware pop-ups

Hi. Let us see the last MBAM log please.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Read other 8 answers
RELEVANCY SCORE 44.4

My neighbor's son clicked 'yes' when he should've clicked 'no' to some and now they get all kinds of 'scan for spyware' popup ads and porn, and he's asked me to help remove it. Please help.

Thank you so much for any assistance you can give.



Deckard's System Scanner v20070611.50
Run by Owner on 2007-10-24 at 18:30:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2007-10-24 22:31:27 UTC - RP748 - Deckard's System Scanner Restore Point
6: 2007-10-24 07:44:03 UTC - RP747 - System Checkpoint
5: 2007-10-23 06:46:13 UTC - RP746 - System Checkpoint
4: 2007-10-22 05:47:05 UTC - RP745 - System Checkpoint
3: 2007-10-21 05:37:37 UTC - RP744 - System Checkpoint


-- First Restore Point --
1: 2007-10-19 04:21:24 UTC - RP742 - Removed Google Earth


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:36:56 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32... Read more

A:[SOLVED] annoying Spyware

Hello MrSethT

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That m... Read more

Read other 4 answers
RELEVANCY SCORE 44

I have that annoying "You have unwanted spyware - download antispyware software by clicking OK".The biggest problem is when Googling. I have Norton AV 2008, and I ran my Verizon Security Suite, which found problems but did not remove THIS problem. I ran Spybot Search & Destroy, but this problem continues. I also run SpywareBlaster, and the problem, remains.I have a HiJack This log to post, but I'll wait (as per the instructions).Mod Edit: Topic moved to more appropriate forum~ TMacK

A:Annoying Virus/spyware/malware Pop-up

Try running SmitFraudFix.

Read other 13 answers
RELEVANCY SCORE 44

So the past week ive been getting really annoying popups, about 1 pop ups for every page i go to, even google.com, and it just keeps on popping up, and i get weird process running, tried running Malwarebytes anti malware, it removed some spywares, and then i ran spybot search and destroyed, removed some more and then i finally ran combofix and it removed some more. After doing that so, i keep getting popups still, nothing fixed, and i re-do the scanning again. It found some more spyware. Then i finally used Panda's antivirus free scanner online and it removed some more. But here anyways, my last resort is this forum, heres my hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:15 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\exp... Read more

A:Annoying Popups cant remove spyware

Nevermind i solved it, the reason why i kept gettin those spyware is because my malwarebyte was an old version and i just updated and it looked like it found a lot more, now no more popups, thansk anyways.
 

Read other 1 answers
RELEVANCY SCORE 44

Ive always liked cleaning my computer with programs and have never gotten problems removing spyware because I search at google, search at forums and have also have the programs Ewido, SpywareGaurd, CounterSpy, Ad-Aware, SpyBot SD and Spyware Blaster but I dont know why some spyware keep coming back called Trojan.Pakes, Downloader.Small, and a file that adds a BHO called vtsqo.dll which is at the system32 folder. I use Windows XP which is up-to-date and have all my programs updated and I scan at Safe Mode but after a while a popup comes up from Ewido saying im infected with Trojan.Pakes/Downloader.Small and/or Spyware Gaurd comes up saying vtsqo.dll is trying to add a BHO and when I click "Remove the BHO" it just keeps coming back to the same window again so I cant take it off. I even went to Safe Mode, scanned with Ewido and then used a program to remove all my temp files but it keeps coming back. Please Help, I will do anything to take those things off. Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21 AM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Co... Read more

A:Annoying Spyware Keeps Coming Back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 44

Hi, thanks for looking!

Recently I've been getting some popups saying stuff like I've been on adult sites or I have a virus and asking me to buy things like WinAnonyomous, AdvancedCleaner, SystemErrorFixer and MalwareAlarm. I've also been getting some internet explorer pages popping up dispite have a popup blocker.

My antivirus software (AVG Free Edition) keeps telling me its detected a virus, but luckily it can be healed or moved to the virus vault.

Also, the bottom bar with 'start' etc on it keeps disappearing and my computer is constantly crashing. My boyfriend told me this is explorer closing and restarting, but I don't know. The attached image is just after this has happened, all my icons have disappeared and the 'start' bar is not displaying programs. They reappeared after a minute or so.

Please help, I'm really worried about buying things online now and I can't do anything I normally do on my pc.

Thanks in advance!
Jess

EDIT: Oops - forgot screenshot!

A:Spyware/Adware and annoying popups - please help! D:

Hello and welcome to TSF

I would recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
Good luck

Please also remember DO NOT post your logs in this thread, please start a new thread here. (Just click on the coloured link.) and post the logs.

Read other 1 answers
RELEVANCY SCORE 44

Hello
I am running Windows XP Home SP2. Recently I downloaded a file of questionable origin (I couldn't cancel the download after realising it had a hidden .exe file extension - I hadn't installed AVG yet) and I ended up with lots and lots of spyware. Initially I just got the normal stuff, the hardcore porn desktop shortcuts etc, but the problem's been getting worse and worse.

I started up my computer about ten minutes ago. Since then I've had the following happen without me telling it to:

-Desktop changed to 'Spyware Alert' desktop (blue and yellow) as soon as I logged on - this happens every time
-Two rogue "antispyware" installers; SysCleaner and SystemDefender
-Two "SystemDefender Security Centre" popups
-Countless "Windows Security Alert" alert boxes
-Background noise every so often; as if my PC is playing internet radio stations. Both advertisements and random clips from cartoons tend to play. If I cancel the iexplore.exe process (I use Opera), these clips stop.
-Internet Explorer clicking and alert noises in background
-Two alert boxes as soon as I log on - cannot find 'C:\Windows\system32\winupdate.exe' and cannot find 'C:\Windows\Shell.exe'.
-After using the internet for a few hours, it tends to slow down a lot. This cannot be blamed on downloads etc as I am sure that none are running. This problem is temporarily fixed by restarting the computer.

I am just running Vundofix now, which has found a few problems. I will now ... Read more

A:Incredibly annoying malware/spyware

1. Download & save this file to DESKTOP - http://download.bleepingcomputer.com...+/ComboFix.exe

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 1 answers