Over 1 million tech questions and answers.

Solved: HijackThis Log & Spyware/Viruses

Q: Solved: HijackThis Log & Spyware/Viruses

Hi, I've been having a lot of trouble with spyware, too. I keep getting pop-up ads from xlime.offeroptimizer.com and stuff like that. I have run Adaware and Spybot S&D numerous times, as well as scanning with McAfee virus scan, even in safe mode, and can't seem to get rid of them. Here is my HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 2:34:40 PM, on 10/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SM1BG.EXE
C:\Documents and Settings\Jeff Walker\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [65U] C:\documents and settings\jeff walker\local settings\temp\65U.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ahrcbu] C:\WINDOWS\system32\eodktn.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_804/sdcregie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
Thank you so much for looking at it!

RELEVANCY SCORE 200
Preferred Solution: Solved: HijackThis Log & Spyware/Viruses

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Solved: HijackThis Log & Spyware/Viruses

Read other 13 answers
RELEVANCY SCORE 69.6

Hello everyone,

Removed the following viruses using Norton:

Trojan.Startpage
Trojan dropper
Backdoor.Agent.B

Also ran Spybot and AdAware SE:

Please check HijackThis log to see if anything else can be removed.

Logfile of HijackThis v1.98.2
Scan saved at 12:07:04 PM, on 12/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWPEVNTM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\DESKTOP\INTERNET SECURITY TOOLS\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ... Read more

A:Solved: Removed Several Viruses and spyware. Please check HIJackThis log.

Read other 7 answers
RELEVANCY SCORE 61.6

I scanned my desktop with F SEcure cause I haven't done so in a very long time and it came up with a lot of viruses and spyware. I did all of the steps and now here is my hijackthis log. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:13:20 PM, on 8/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXEC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exeC:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXEC:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32... Read more

A:Several Viruses And Spyware/hijackthis Log

Hello beatlesusan,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 3 answers
RELEVANCY SCORE 60.8

I'm getting IE errors. Aurora keeps popping up. I just got rid of 2 trojans and 2 viruses but couldn't get rid of the last one. My computer is running slow. Please help. I don't think I know as much as I thought I knew about computers. Thank you in advance.
Logfile of HijackThis v1.99.1
Scan saved at 2:36:23 AM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\windows\system32\qqyucc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:... Read more

A:Please Help me!!! Viruses, spyware, and errors. Hijackthis log

Read other 10 answers
RELEVANCY SCORE 60.4

Your help is requiredd here. I am posting the HijackThis log for my computer which I just recovered from severe Windows corruption and hard disk damage. I already performed Full System Scan through several softwares; antivirus, antispyware, but still the computer is infected with a trojan sitting in Windows folder and called, PIPAKQ.EXE. i am totally confused now of what to do and which software would be able to recover my PC from the tracks of these dangerous worms and trojans. Please help me out and your effort would be appreciated!
---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:58:58 AM, on 12/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\F-S... Read more

A:Trojans, Viruses, Spyware Attack... HijackThis Log

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

WinPfind.zip - download & extract the contents to it's own folder at the root of drive C

TrackQoo.zip

Download and install Ewido Security SuiteWhen installing, under "Additional Options",uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.

Please disable Spywareguard, as it hinders the removal of some entries. You can re-enable it after you're clean. Right click the running icon of Spywareguard located in the system tray
Go to Menu > File > Exit and confirm the programs close.
It is IMPORTANT that you don't... Read more

Read other 11 answers
RELEVANCY SCORE 60.4

Right, firstly when i used to load up XP and i tried to open Internet Explorer it would crash and also when i clicked on Documents and Settings in C drive it would say that i had a bad file in my C:\Windows and that i should download some spyware scanner thing then a few days after this stuff happening and me not being able to sort it out, I started up XP one morning and it wouldn't let me click on anything it lets me move my cursor but when i click on things nothing happens, i'm currently running my pc in safe mode with networking, I've installed Spybots Seek and Destroy, it picked up a trojan file named Win32.Agent.gvu and 5 malware files and a few other things which didn't seem of much harm, but i removed all of the files it listed and then rebooted my pc into XP normal mode and the same thing happened it wouldn't let me click on anything, I've run Hijackthis and these are my results, could someone please help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:24, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee... Read more

Read other answers
RELEVANCY SCORE 60.4

I am helping my brother with his computer. I have used as-aware, spybot s & D, cwshredder, and spyware blaster, as well as antivirus software. I think I've got it pretty clean, but would appreciate someone checking for anything unsafe on the hijackthis log. The operating system is Windows ME.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 1221 AM, on 3/18/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\S... Read more

A:Hijackthis log - lots of spyware, adware, & viruses

Hello pastoral sec.,

Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites.

---------------------------

Open Computer. Select the Tools menu and click Folder Options. Select the View Tab.
*Under the Hidden files and folders heading:
* Select Show hidden files and folders.
* Uncheck the Hide protected operating system files option.
Also make sure there is no checkmark beside Hide file extensions for known file types Click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Run a scan in HijackThis. 'Check' each of the following if they still exist:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [MISSetup] F:\MIS\ENU\setup.exe
O4 - Startup: PowerReg Scheduler V3.exe
O15 - Trusted Zone: http://*.frame.crazywinnings.... Read more

Read other 9 answers
RELEVANCY SCORE 60.4

I believe I downloaded a trojan/malware from a download and since then, I've been getting this Antivirus installation prompt quite often. Obviously, it's a virus itself so I didn't download it. I've ran McAfee in safe mode, but it seems it hasn't done much help.
Also, explorer.exe has not been automatically starting itself while my PC is booting up or terminating when shutting down. I've manually had to start/end explorer.exe. This happened I believe only once before I downloaded the malicious file. Can this problem be linked to a malware/virus infection?

I got hijackthis and ran it. Here it is:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDO... Read more

A:What can I do to get rid of malware/spyware/viruses? Hijackthis log included

Read other 6 answers
RELEVANCY SCORE 59.6

I had my computer hijacked recently while downloading some Chinese game she wanted to play. Didn't start out too badly, but things have really taken a turn for the worse these last couple of days. For a while windows was rebooting itself with in a few seconds of starting, but things have stablised somewhat for now. I understand that you're busy, but please don't delay too long, as my service provider will block my ip if my computer isn't clean soon.

How rude of me, should've said thanks first

Popups:

www.aaash.org
adtaobao.allyes.com
www.vooyoo.com
b116.exe "The instruction at "0x7c911e58" referenced memory at "0x006e0020", The memory could not be "read" Click on OK to terminate the program
Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:37 PM, on 19/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Touch and... Read more

A:Hijackthis: Innundated with all manners of trojans, viruses, spyware

Bump. Sorry, but this is really getting to be an emergency. My ISP has blocked my service and I had to go to uni to check here. Please help!

Edit: I went and did some things on my own and it appears as if the situation's a little better. I disabled the malware registered as trojans and used combofix to get rid of the other more irksome trojans, and I think the system's now trojan free. A run through with Spybot and AVG anti-spyware found only ad-ware (boran.1 and wsearch according to Spybot), which remain as resistant to my efforts of deletion as ever, as well as some tracker cookies. No more popups either, but on the other hand performance is possibly even more sluggish before, and explorer still has a puzzling tendency to crash shortly after rebooting. Also to ensure the other anti-malware programs hadn't missed anything, I tried to use pandascan, but it only crashed internet explorer, as well as windows explorer. I'm guessing I'm still missing something important. Here are the new HijackThis and AVG anti-spyware logs.

Oh and I ran a trendmicro housecall test and found nothing.

Logfile of HijackThis v1.99.1
Scan saved at 9:44:25 PM, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\... Read more

Read other 1 answers
RELEVANCY SCORE 54

Hi
I have Windows XP
Since 18/12/07 my PC has been inundated with the following viruses:
W32/Backdoor.AJHB
W32/Agent.WF
W32/Trojan.AEMD
W32/Downldr2.OPW
W32/Trojan.ABS
W32/Downldr2.CMZ
W32/Virtumonde.OX
W32/Downldr2.ATQJ
These have been deleted by PC guard but everytime I scan I still keep picking up more viruses on the system.
I'm also getting popups which I didn't used to. I managed to delete Wintouch from my registry which helped alot.
Randomly, Internet Explorer closes.
On startup I keep getting a rundll error box which says C:WINDOWS\sysem32\jukkqyvb.dll The specified module could not be found.
Also, PC guard shuts itsf down saying 'PC Guard is running in another account. To run PC Guard in this account you must return to the other acccount and manually shutdown PC Guard' But it is lying as it not running in another account and I spend ages trying to restart it.
As you can expect, all of this is making my computer run really slow. I hope someone can help me. Thanks
 

A:Solved: viruses, spyware

Read other 16 answers
RELEVANCY SCORE 54

Showing my ignorance, I was wondering, people who are useing these things to
get in computers, to make money, or, for some
type of selfish gain, makes me wonder,1. Can't
we use the same technology to find out where it's
coming from, and stop it? 2. Is there any agency
or commision that's responsible for trying to
track, find, and put these people out of business?
It's all really to technical for me to understand,
but, they use technology to infect PC's, isn't it
possible to use the same thing to find out, how to
put these people on, the defensive, not offensive?
I know i'm showing my ignorance, but is it possible, or is something like this already being
done? Just curious.
chuck-HD
 

A:Solved: Spyware, Viruses, What's Being Done?

Read other 9 answers
RELEVANCY SCORE 54

We have an anti-virus program on our computer. For the last couple months we've learned to live with ads popping up on EVERYTHING. If your playing solitaire, on Microsoft Word, Paint, etc. It doesn't matter, ads are always popping up. It started with something called WinAntiVirus and WinFixer - both advertising virus protectors, and now we get something call SysProtect popping up, as well as a few inappropriate sites that display our city and province on it. Sometimes we get something saying it will redirect us and is not available in our area. We get search sites for dating, etc. We learned to live with it for a few months, but it's starting to get on my nerves. I have run many many many virus scans. In the summer, at one point it found 65 trojans on our computer. I deleted all, cleaned the computer of viruses and spyware daily. I'm positive these ads are spyware...I don't know what else it could be. However, even if I delete all the spyware the scan finds, the ads don't go away. We don't get trojans anymore, (not often anyway).

Just recently, everytime I log on a user our virus protector pops up saying we have a virus. Then it has the options Quarantine (reccommended) , Delete and Do nothing. The virus is always a "Packed.Win32.Klone.k". Quarantine never works - it always says "(1) virus was not quarantine. It is reccommended that you get rid of this..blah blah blah" So we found deleting always works. But again, there ... Read more

A:Solved: Viruses & spyware

Read other 16 answers
RELEVANCY SCORE 54

System Specs

Intel Celeron D 2.8Ghz
512MB DDR 400
Windows XP Home, Service Pack 2

Problem

This is a system Im looking at for someone. Now when I first recieved it I had problems with Spyware, Ad-Aware, Viruses etc, after cleaning up what I could Im left with a system now that wont let me access the Control Panel, Task Manager etc as Im not an admin.

I tried booting up In safe mode and accessing the Admin account there, which i did but the same problem lies here, as such I can't access the User Accounts.

Now Im also left with some Malware, most notably WinAntiVirus that wont budge. I also get Pop-Ups that ask me to download this and that.

Can anyone help ?



HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:12, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Secu... Read more

A:Solved: Spyware, Viruses, Help !!

Read other 9 answers
RELEVANCY SCORE 54

Hello. I am hoping someone can help me out. My computer is rather slow and one of the other users on this computer said there were lots of pop ups. Can one user be afflicted with popups, while another isn't? Anyhow, here is my hijack this log.

I am using Windows Millenium.

Logfile of HijackThis v1.99.1
Scan saved at 2:37:20 PM, on 8/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SERRDCTL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC S... Read more

A:Solved: spyware? Viruses? Are they here?

Read other 16 answers
RELEVANCY SCORE 53.2

Wow, do I have a mess! First of all, let me say I am running winXP pro, and am VERY new to it, so I'm feeling lost to start with! There are two accounts set up, both with admin permissions, but one thing I'm wondering is when I run my anti virus and ad aware, spybot, etc.... am I checking the whole computer, or just one user? In other words, should I run everything from both accounts? The reason I ask is I noticed a difference in AVG scan results from different users....as I will try to now explain!

It started this morning when my dh was looking for desktop wallpaper....a window popped up for him to download something (of course he doesn't remember WHAT!! ) and he clicked OK. Suddenly there's viruses and spyware all over! The first 3 scans were done from his user account, and the results were as follows:

1st AVG Scan result

several files not able to be opened/scanned
VIRUS Revop.C (in temp. int. files)
VIRUS Downloader.Dyfica.2.AA (in temp. int. files)
VIRUS Dropper.Delf.3.L (in C:\TEMP\INSTAL~1.EXE)

All of the above viruses were supposedly moved to the virus vault following scan.

2nd AVG Scan Result

still same files not able to be opened/scanned
NO VIRUSES DETECTED

3rd AVG Scan Result

still same files not able to be opened/scanned
VIRUS Trojan horse Revop.C (in temp. int. files)

Again, the above virus supposedly moved to virus vault after scan.

Then I got on here and looked through there. Seeing that the viruses were all in temp. int. files I ... Read more

A:[solved]Viruses & spyware...need help big time!

Read other 16 answers
RELEVANCY SCORE 53.2

Hi there
Using Windows XP, have had problems with multiple viruses, adware and spyware. Have been using AVG Antivirus, AVG Anti-Spyware, Prevx Microtrend Housecall, but seems to be a cycle of being able to delete and then other malware comes back on rescan. Any help would be much appreciated. HJT log as follows:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:45:17, on 02/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Intel... Read more

A:Solved: Problem with viruses, spyware - help please

Read other 11 answers
RELEVANCY SCORE 53.2

Okay. I recently tried to download a keygen. Don't scream at me, I know that's wrong but I was desperate. Anyway, I'd never done that sort of thing before... so when it didn't seem to download anything.. I repeated the process three times. And then wa-la! All sorts of false security notices popping up, my homepage is not my own, blinking icon in the system tray telling me to "click this bubble to install important anti-spyware software", and I can't seem to extract two games that I have downloaded.. it just stops responding. I downloaded ewido (now known as avg anti-spyware 7.5) and hijack this, as well as ATF cleaner. I ran AVG/ewido in safemode. It took care of the blinking icon but that was it. I am also running System Mechanic Pro 6 (which comes with Kasperky Anti-Virus and Kaspersky Anti-Hacker). I am attaching a Hijack this log, an ewido log, and a dxdiag to give you my pc info. Please help me with this! Yesterday when I opened Internet Explorer 148 windows opened in an instant.. I've done everything I knew to do with my limited PC knowledge and now I need more help =(. Thanks in advance.
 

A:Solved: Spyware, adware, and viruses.. oh my!

Read other 16 answers
RELEVANCY SCORE 53.2

Good afternoon,

A friend of mine gave me his PC, said it was loaded with Spyware, etc... I ran Spybot S&D, AdAware and Norton 2006 which is installed and is configured and running properly.

Could someone please check out his HiJack This log file and see if they can find anything else.

Thanks.

Feral Geek

Logfile of HijackThis v1.99.1
Scan saved at 2:42:42 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Common... Read more

A:Solved: HiJack This log - Spyware/Viruses?

Read other 15 answers
RELEVANCY SCORE 53.2

Symptoms: Unable to renew NAV subscription

Also, PC freezes when *.doc opened and email account password not recognized by email provider

1st HJT log
Logfile of HijackThis v1.99.1
Scan saved at 7:16:25 PM, on 2/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXBSPPLS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\LEXMARK\LEXMARK PRECISION PHOTO\MEMCARD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALONEMESSAGECENTER.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS S... Read more

A:Solved: viruses & spyware need removal

Read other 9 answers
RELEVANCY SCORE 53.2

My computer is a plethera of crap. You'll soon find out that I'm pretty computer illiterate, so I'll try to give as much info as I can.

First of all, I dont have a virus scan on my computer, I usually use the free resources (housecall) and scan occasionally. I was under the (false) assumption that I wasnt in any danger as long as I didnt download anything sent in email (i use hotmail which scans for viruses anyway). I stumbled across panda today and decided to scan and see what it found as my computer is slower than dirt and I have a broadband cable connection. No idea how 'big' my computer is, but its about 4 years old, HP and running Windows ME. I hope thats enough info to get you going.

I ran Panda early this morning and it found this:
Incident/Status/Location

Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM\2ndsrch.dll
Adware:adware/gator No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1014.dll
Adware:adware/ncase No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\nCaseInstaller.dll
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\BIINI.INF
Adware:adware/portalscan No disinfected C:\PROGRAM FILES\STC
Adware:adware/addestroyer No disinfected C:\PROGRAM FILES\AdDestroyer
Adware:adware/windowenhancer No disinfected C:\WINDOWS\SYSTEM\SBUtils
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\BI.INF
Adware:Adware/WindowEnhancer No disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Spyware:Spyware/BetterIn... Read more

A:Solved: Spyware, Viruses and Adware, OH MY

Read other 13 answers
RELEVANCY SCORE 53.2

Hey guys, I'm new here so please go easy on me

I've somehow managed to get my desktop completely infected with viruses and trojans. It was giving me some problems the other day so I decided to go ahead and format and do a fresh install (before I even realized I had viruses or spyware). After the install, I made it through one round of Windows Updates before I started getting pop-ups, critical errors, and other problems. I noticed about 30 .exe files in the root of my C drive, as well as about 10 different programs installed in Add/Remove Programs. I uninstalled all of those, deleted the .exe's, and then ran Hijack this. The log is as follows:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SmFzb24gT2xhbmRlcg\command.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\System32\winupn.exe
C:\Program Files\Common Files\{EC297342-0972-1033-1125-050217060001}\Update.exe
C:\PROGRA~1\COMMON~1\RACLE~1\rundll.exe
C:\WINDOWS\??curity\j?vaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no fi... Read more

A:Solved: Viruses and trojans and spyware...

Read other 16 answers
RELEVANCY SCORE 53.2

Your help got rid of numerous viruses and spyware on my father in law's computer. Same guy who still uses dial up. Here is my latest log and just want to make sure that everything is OK. I used some of the big names such as Panda and Trend Micro. But I had to resort back to your website for the big ones: AVG, Spyware Bot, Spyware Dr., Dr. Web, etc. to finally get rid of everthing. Here is the latest log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:35:38 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&... Read more

A:Solved: Your Help got rid of: 14 Viruses, 148 Spyware, and 3 dialers

Read other 14 answers
RELEVANCY SCORE 52.8

An acquaintance, who recently got satellite DSL loaded with its own anti-virus
& firewall, leaves his comp on 24/7, thinking he's immune to all the bad stuff...
What advice can I pass along from the knowledgeable one?
Thanx
 

A:Solved: Immune from Hackers, Spyware, Viruses?

Nope, bad surfing habits and DL'g the wrong things will get him

He needs these but nothing is bullet proof!

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize
 

Read other 1 answers
RELEVANCY SCORE 52.8

this has got to be the most frustrating virus i have ever encountered. I believe the worm is called Agobot.il (i think it's a.k.a. Gaobot), and it lies in a program called "atiphexx.exe." It seems to slow down my computer, and affects the speed of another computer i am hooked up to with a router. the activity light has been freaking out when my computers are online, and when I end the process of "atiphexx.exe" in the task manager it stops the rapid blinking on the DSL modem and the router.

I've done some research on this virus so far, but I am still somewhat stumped as to what I should do to completely rid myself of it. I may also have other viruses besides this one (I had a trojan before-- TROJ ISTBAR was the name, I believe), and I need to find out how to fix them once and for all. Any help would be *GREATLY* appreciated.

A major problem of this virus is that not only that it freaks out my activity light and slows down my computers, but it also seems nearly impossible to fix, as it blocks access to any antivirus website, and disables any functionality with antivirus software that is already installed. I was looking through my task manager, trying to identify processes that I didn't recognize, and I luckily stumbled onto this virus, which looks very incidious in terms of what it does.

I did an online virus scan through Trend Micro, and their "housecall" revealed 4 viruses, all of which are not cleanable:

TROJ ISTBAR.F
DOS AGOB... Read more

A:[Solved] viruses+spyware: agobot.il specifically....help!

Hi rungood2001

Welcome to TSG!

If you still have Kazaa, uninstall it.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [Microsoft Tray] C:\My Shared Folder\vgbb_full.exe.exe

O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\Program Files\SafeSurfing\SSUpdate.exe

O4 - HKLM\..\Run: [AtiCpanel] atiphexx.exe

O4 - HKLM\..\RunServices: [AtiCpanel] atiphexx.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/177294dd75df14...ip/RdxIE601.cab

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"

Now find and delete:

The C:\Program Files\SafeSurfing folder
The C:\My Shared Folder\vgbb_full.exe.exe file
The C:\WINNT\system32\atiphexx.exe fike

Empty the recycle Bin.
Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of... Read more

Read other 3 answers
RELEVANCY SCORE 52.8

I have had alot of spyware problems and virus problems. I have tried to clean it all out and that. Could someone please check my hijack log. Also what is the best antivirus program that will keep viruses and spyware off my computer and will not slow down my computer.

PC's are pissing me off, With all this vrius and spyware crap.

========================================================
Logfile of HijackThis v1.99.1
Scan saved at 8:27:32 AM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod... Read more

A:Solved: problem with spyware and viruses, please check my log.

Read other 16 answers
RELEVANCY SCORE 52.8

On a post I made a few days ago, I described that my computer has been progressively getting worse--I will be on the internet and then out of no where, I will get an Internet Explorer error and have to close the internet. after that, I will be able to open internet right back up and then again, a few minutes to sometimes an hour later, it will have an error again. now new major problems that just developed yesterday or the day before are spylocked stuff on my comp. and a lot of pop-ups saying that i have a ton of spyware and viruses. viruses that Trend Micro PC-cillin 2007 have quarantined are the following: isamini.exe, A0041188.exe, ISAMINI.exe, A0041250, A0042214.exe. I also get a system alert message at the bottom of my screen by the clock that says my internet has been slowed down by 39% and all this stuff, but I don't know if it is real or a virus itself. here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:44 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Progr... Read more

A:Solved: spylocked and lots of spyware/viruses!

Read other 6 answers
RELEVANCY SCORE 52.4

HJT Log problem with pop ups and viruses

My problem is every time I open up the internet I get pop ups and ads. Most of the time they are telling me that I have viruses on my computer or there is adds to download anti-virus and anti-spyware programs. I also have problems with viruses. Every time I scan and get rid of them, next time I scan they come back.

I have run Spybot Search & Destroy 1.5 and it found some things and fixed them. I also ran ad-aware it found critical objects but every time I delete them then rescan there is more.I am really sick of this so if you guys could help me that would be great.

My hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:11 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS... Read more

A:Solved: Hijackthis Log---problem with pop ups and viruses

Read other 16 answers
RELEVANCY SCORE 52.4

So I'm basically "computer-challenged"
but my friend told me to show you guys my log and you can help me step by step :]
so i hope you can! I keep getting pop ups every 5 mins, and a pop up when i search something on google =[

HERE'S MY LOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:04:36 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebcamMax4\wcmmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
... Read more

A:Solved: HIJACKTHIS LOG. I need help deleting viruses!!!!

Read other 16 answers
RELEVANCY SCORE 52.4

Logfile of HijackThis v1.99.1
Scan saved at 6:53:48 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\ECHODI~1\Console3\launch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\PROGR... Read more

A:Solved: am I vanquished of viruses? [hijackthis log]

Read other 16 answers
RELEVANCY SCORE 52

Hi,
I'm afraid that my Dell Latitude D620has become infested with several Trojans, Spyware and viruses. I would much appreciate your help in removing these. I am a 'medium level' user, and am already running Symantec Anti Virus as well as Comodo Firewall.

I ran 'HijackThis' and got the following Log File:
--
Logfile of HijackThis v1.99.1
Scan saved at 4:00:15 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system\msnntlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ntlmaps\ntlmaps.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quinnipiac.edu/
R1 - HKLM\Software\Microsoft\Internet ... Read more

A:Solved: Request help removing suspected spyware and viruses

Read other 8 answers
RELEVANCY SCORE 52

I don't think I've ever seen a computer quite like this before.
Any help is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:27:31 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\msnmes.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\wsrv32.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\rusto.exe
c:\PROGRA~1\Toolbar\WSG.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Setting... Read more

A:Solved: Multiple Viruses and Spyware removal help - Hijack Log

Read other 10 answers
RELEVANCY SCORE 52

Hi,

I am writing because I would like some advice on what's the best and most efficient way to keep my PC protected against viruses and spyware on a regular basis. I used to have Windows Live One Care that came with Windows Vista and I used that for a year, and now it's replaced with something else and before I sign up for this something else for another year, I thought I would check if there is a better way to do this. What I liked about it is that it worked on its own, did regular updates without any interference on my part, except to ask for action when it found something weird. But, I do know there are sites out there where I can download free open-source anti-virus software.

Any suggestions? Thanks!
 

A:Solved: Internet Security: Protect PC against Viruses/Spyware

Read other 7 answers
RELEVANCY SCORE 52

Hello, and thanks to whoever helps me!

We've recently bought a computer and it was unpatched and the previous owner had kazaa, which i promptly uninstalled. I ran spybot, Ad-Aware SE and MS Antispy Beta, but there are some things that will not go away, and there are some viruses. NAV 2002 was installed, but i think something has corrupted it. Whenever i try to run NAV, the task manager, or most security things, something decides to kill it. Even when browsing the internet, if i go to security sites, it will dump me to the desktop. I did manage to get HJT running in safe mode, and here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:13 PM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jennie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Sea... Read more

A:Solved: Viruses and Spyware blocking Task Manager, etc

Read other 16 answers
RELEVANCY SCORE 52

So yea Hi, I am having a problem where some of my programs seem to be uninstalled somehow or having the files missing. For example I had a program Daemon Tools on my computer to add an extra drive. When I tried to open the program it was searching my computer for the files but couldn't find it. Weird thing is, the extra drive is still on my computer. Also my Steam client started acting funny and also my internet explorer and AIM have been randomly crashing on me. Also all my system restore points are erased. Any help is greatly appreciated : \

I dunno if i have to do this but I'm going to post my hijack this file

Logfile of HijackThis v1.99.1
Scan saved at 12:30:06 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\... Read more

A:Solved: Computer acting really funky, viruses? spyware?

Read other 11 answers
RELEVANCY SCORE 52

My question is on the attachment. I had trouble filling in this form.
 

A:[Solved] Much spyware, viruses. Can I make startup disk?

Read other 16 answers
RELEVANCY SCORE 52

Windows XP SP1

I am working on the neighbor's daughters computer. Her kids are now away from home so she dicided to finally get it going again. Her daughters really messed it up for her. Anyway it is a Windows XP SP1
I ran adware and caught 1357 items--cleaned them
spybot caught 67 cleaned all but 4
put spyblaster on
scriptdefender
IE-SPYAD
BHHijackblaster
She has norton and it caught I beleive it was 69 virues recommended deleting them so I did.
ran cleanup in safe mode
deleted all temp files and cookies and history right before I ran it but thought it was a good idea to run it anyway.
I put on spyguard
Ewido I run it but there is something on it called adsoft that must have 100s if not 1000s of infections. I can't get them all removed. It starts with aksoft and at the end of the address is like a/a and it goes through the whole alphabit and then goes to a/b and the the whole alphabit and then a/c/ and the whole alphabit I am sure you get my drift I don't know if I should keep deleteing them or not. I will give you the name of some of the stuff that was the worst like elite toolbar and , admilli servicem AproposMedia,DelfinMedia, Downloadwave.SED, Downloaderware, DyFuCa, Elitum.EliteBar,eZula,, Huntbar, IBIS Toolbar, LSA, n-Case, NetworkEssentials.Hopper, Network.SEARCH.EXE, Network Essentials.SmartPops, NicTech Networks, Pwopleonpage, SearchMiracle, Shopathome, Startpage-AP, SurfsideKick, Tango, TargetSaver, VMS-Server, VX2/f That was just Spybot. anyway... Read more

A:Solved: Windows XP SP1-Lot of spyware,adware,viruses, etc-any help would be appreciated

Read other 16 answers
RELEVANCY SCORE 51.6

Logfile of HijackThis v1.99.1
Scan saved at 5:21:42 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mstc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main... Read more

A:AIM spreading viruses and over 2000 viruses/spyware cleaned.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download and install Ewido http://www.ewido.net/en/download/
Double-click the Ewido icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-sign...ll-current.exe
When you have finished updating, exit Ewido.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com... Read more

Read other 14 answers
RELEVANCY SCORE 51.6

Greetings!

I am having trouble with popups and getting rid of viruses. I used AVG to remove all viruses, however, it finds but cannot remove the Look2me virus. The look2me destroyer appeared to work, however, I have about a dozen viruses that infect my machine whenever I turn my back for two seconds.

Adaware scans and finds, but locks up when I attempt to remove or quarantine. I have performed the 5-step process.

1) Remove malware - was able to remove all malware except 'DH.'
2) Run online scan - was able to run, and is posted below.
3) Install immediate protection - installed and configured Spyware Blaster - the IE Spypad information looks both cumbersome and dated.
4) Update operating system - Installed all Windows updates this morning.
5) Install DSS scanner - Installed, but program locks up and closes when attempting a scan. Cannot paste scan or attach files per recommendations.

Any help would be greatly appreciated!

Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:52 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.e... Read more

A:[SOLVED] Spyware scanners lock-up, constant pop-ups, pesky viruses!!!

FYI - Please disregard this post. I have fixed my virus issue(s) using methods advised to other users.

Thanks!

Read other 1 answers
RELEVANCY SCORE 51.2

Hi,

Can someone help me delete anything suspicious. I ran AVG and it got some bugs out but PC still not right. I also reinstalled windows before I realized I had viruses. I am a paid up member. Tnx.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:42 PM, on 08/30/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Rocket Software\Rocket Mobile & Security Apps\MobileCenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\system32\dllcache\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HiJackThis.exe

R0 - HKCU\... Read more

A:Solved: Log file (hijackthis) for Windows 2000 Pro - has viruses

Poster has solved this problem: http://forums.techguy.org/malware-r...hijackthis-log-file-win-98-a.html#post5083759
 

Read other 1 answers
RELEVANCY SCORE 50.8

Hi, thanks for reading and any help that may be offered. I'm trying to clean up a friend's computer for him and it's pretty loaded with nasty things. I've installed AVG 7.1 Free Edition and Ad-Aware SE Personal and done a little clean up that way but there are still plenty of things on here, I think. As far as I know, there is no firewall in place other than the WinXP default and it has been and is turned on. The homepage is constantly reset to about:blank and always takes a new browser to bestsafetyguide.net. Numerous pop-ups plague the desktop while computer is sitting idle apparently not running any active programs.

Here's a hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 2:05:14 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.ex... Read more

A:Solved: Viruses, Trojans, Spyware, etc. on WinXP Home Edition - Need Help Removing

Read other 11 answers
RELEVANCY SCORE 50.8

AMD Athlon 1500+
1300 mghz
1 gig RAM

Windows xp
professional
version 2002
service pack 2
Hi,
I got a problem with some spywares or viruses since this morning. I can't get any antivirus or anti spyware to run and the worst is that I can't run HJT, superantispyware or any other tools like this.
I've made an online scan with bitdefender and trend micro, but they can't delete the infected files.
I Know by these programms that there is at least a trojan.spy.zbot infecting my system.
How could I get rid of these viruses if I can't use HijackThis and other programms like that?

Help me please
 

A:Solved: viruses (trojan.spy.zbot) desactivated antivirus and anti spyware

Finally I've been able to use malwarebytes' anti malware and my antiviruses are back to normal. So I think i'll be able to finish it myself

Thanks
 

Read other 1 answers
RELEVANCY SCORE 49.2

hello! my own pc is a lean green mean fighting machine but my family pc (used by 6 different users) is another matter entirely! now I have decided to game on it in an orpg that requires a steady ping, I need to totally fix any problems that are on it! can anyone give me or link me a guide to what programs I should run to solve the bulk of problems!

thanks in advance.
 

A:help to remove spyware, viruses etc etc after a long period of no anti spyware!

Read other 9 answers
RELEVANCY SCORE 48

I just found out i have spyware. Here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 5:59:21 PM, on 12/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Optimizer\actalert.exe
c:\program files\180solutions\sais.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Def... Read more

A:Solved: HiJackThis Log...Spyware....

If anyone can help me I would Apreaciate it!
 

Read other 2 answers
RELEVANCY SCORE 47.2

i have no internet connection, tells me theres a conflict with an IP address already in use,
thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:08 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\Syste... Read more

A:Solved: Hijackthis log, Virus? spyware?

Any Idea's, Is the log clean?
 

Read other 3 answers
RELEVANCY SCORE 47.2

Problem: i have wtools stuff that i can't get rid of, and i think some other stuff also. I tried ad-aware and S&D and they weren't able to get rid of it. I had to go back to hijackthis in order to get rid of it but don't know what i should delete so it won't come back.

Logfile of HijackThis v1.99.1
Scan saved at 8:22:11 PM, on 5/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BroadJump\Client Foundat... Read more

A:Solved: spyware that is beyond me hijackthis enclosed

Read other 7 answers
RELEVANCY SCORE 47.2

Please help me! I'm having several troubles in my PC lately, and I always think that is related to spywares and even trojan horses. I found an odd regitry key called bridge.dll and I deleted it many times and when I restart my PC there it is again, and I also can't delete this file! Help Me! I'm sending the log:

Logfile of HijackThis v1.98.2
Scan saved at 12:17:51, on 28/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\HijackT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH... Read more

A:Solved: Help with spyware files (with hijackthis log)

Read other 9 answers