Tech Problem Aggregator

hjt log, keep on getting spyware scanner popup thanks

Q: hjt log, keep on getting spyware scanner popup thanks

i have done a bunch of cleaning on this computer for someone and have managed to get it back online... but just need someone to glance at the hjt for me.. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 500 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1131078266\ee\aolsoftware.exe
c:\program files\common files\aol\1131078266\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1131078266\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [??# *L"h'?9??3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rhjycnj.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8248CB-24BC-413F-B2B4-9D9B3B544095}: NameServer = 206.13.31.12 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A8248CB-24BC-413F-B2B4-9D9B3B544095}: NameServer = 206.13.31.12 68.94.157.1
O21 - SSODL: msmhost - {63BFDFEA-5118-4B18-BB66-E0C3B728BED7} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {C4A52A96-BADC-4C6A-9E1E-96B2C0B3AF16} - C:\WINDOWS\msmdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://store1.yimg.com/I/shukr_1838_1297907

--
End of file - 6413 bytes

A: hjt log, keep on getting spyware scanner popup thanks

moving back up...
soproc.exe error on startup,,, and ie opens up with fake virus scanner...

1 more replies
Answer Match 70.56%

My Computer is:
Lenovo Thinkpad 6460-7EU
Windows XP Pro SP 2 (5.1.2600.2765)
All Updates and Optional Updates Applied
3GB RAM
83GB Free Space on HD (56%)
Intel Core 2 Duo T7300 @ 2.00 Ghz
Symantec Corporate Antivirus 10.0.0.359 (with updates through 22 Apr 2008)
Windows Defender (updated)
Microsoft Malicious Recovery Tool (March 2008)

I have a corporate laptop that had the following symptoms:
1. A link to Viruswebprotect.com kept popping up to initiate a scan
2. "error cleaner" kept popping up
3. "privacy protector" kept popping up
4. "Spyware&Malware Protection" kept popping up
5. A Task Tray icon for "trusted anti-vrus" was present

I found a previous post regarding these exact same symptoms, so instead of posting my initial findings I went ahead with the cleanup, but found even more than the original poster afterwards. The other viruses were Symantec Defined as "Trojan.Vundo" and "downloader.Zlon!gen.2".

After around 12 hours of cleaning I think I have repaired the problem fully and would like to post my HiJackThis Log for your expert opinion:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:26 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\W... Read more

A:viruswwebprotect plus other popup spyware scanner stuff

Here is my combofix log:
ComboFix 08-04-22.5 - User1 2008-04-23 9:57:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2060 [GMT -4:00]
Running from: C:\Documents and Settings\User1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User1\g2mdlhlpx.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\rs.txt
C:\WINDOWS\rtqmekwg.exe
C:\WINDOWS\system32\khfCTmnL.dll
C:\WINDOWS\system32\LnmTCfhk.ini
C:\WINDOWS\system32\LnmTCfhk.ini2
C:\WINDOWS\system32\oacqcncs.ini
C:\WINDOWS\system32\qoMFurop.dll
C:\WINDOWS\system32\scncqcao.dll
C:\WINDOWS\system32\uxdfpmto.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 07:52 . 2008-04-22 07:52 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-22 07:52 . 2008-04-22 07:52 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-04-22 07:52 . 2008-04-22 07:52 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-04-22 07:52 . 2008-04-22 07:52 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-22 07:49 . 2008-04-22 07:49 <DIR> d... Read more

1 more replies
Answer Match 56.7%

Hi White Knights, Good Guys and Gals,

My PC was attacked, likely through Internet Explorer today, since I haven't downloaded anything. The following is the list of Malware that XP Security Center has notified:

=email-worm.win32.netsky.q
=rootkit.win32.agent.pp
=backdoor.win32.kbot.al
=net-worm.win32.mytob.t
=net-worm.win32.dipnet.d
=virus.win32.hala.a
=trojan.downloader.js.multi.ca
=virus.win32.gpcode.ak

and Trojan Remover has identified
c:\windows\system32\vacinit.dll

and Mcafee
NTROSKRN... (rootkit trojan)

The program "Protection Systems" continues to pop up prompting me to buy along with random IExplorer bombs despite having removed it from programs. The system regularly freezes when I employ anti-malware programs.

I have attempted to use in normal and safe operating mode (Mcafee from safe command prompt)
=Mcafee VirusScan Enterprise (halts early in operation, Identifies NTROSKRN and 11 cookies)
=Stopzilla (Halts early in operation)
=Malwarebytes(fails to open even with changed name)
=Rooter Malware Finder (Eric_71) (operates, results indeterminate)
=Trojan Remover (Runs, results indeterminate)

I am not in a good position to format the PC (in the wilderness).

Any advice what is preventing these malware programs from operating?

Thanks, and happy to repay the favor particularly if you like homebrew since PC wars aren't my specialty!

Lookingtree

DDS (Ver_09-06-26.01) - NTFSx86
Run by Iamcomputer at 20:41:08.59 on Wed 07/15/2009... Read more

A:Unknown Attack Disables Malware Scanner/Antivirus/Spyware Scanner

Hi, lookingtree. Welcome.

Please read and follow all these instructions very carefully.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please d... Read more

2 more replies
Answer Match 52.08%

i need a real time spyware scanner for free. I also need a virus scanner (realtime) avast, avg, or antivir? Does anybody have suggestions?
 

A:real time spyware spyware scanner? (free)

16 more replies
Answer Match 51.24%

It could be just coincidence but is it possible that the 'spyware virus' I have just eradicated has caused a problem with my flatbed scanner!!? It seems very unlikely to me but I either have a faulty scanner or windows is damaged as I have swapped over the USB lead and reinstalled the driver/scanner software - has anyone had a popup virus that has affected their flatbed scanner??

thanks

DaveB
 

A:Solved: scanner not recognised after popup virus

7 more replies
Answer Match 47.04%

Hi, first time here,

I am running Windows 7 Home Premium. 32 and 64 bit. I have Norton security suite that comes with my Comcast subscription. I scan pretty frequently and I also use CCleaner which works great. I am not having any problems with my computer right now but I have in the past. Something not only got past Norton it also was able to disable Norton. I got it going again fairly quickly but my computer wasn't the same. I did a complete restore and it has been fine. For some reason I still feel like there is something going on in my computer which there may not be. I've noticed some files that looked suspicious but I can never know for sure so I won't change anything. One time I noticed 3 extra users and I was sure I was infected until I found out Nvidia adds these for updating.
My question is that when I was looking at the files in my registry, I clicked on internet settings then zone and the list expanded to about a page and a half of files with names having to do with sex and porn. They all had the arrow to open a sub folder with on every one was www. I ran Norton and superspyware and a search. Nothing is detecting these files. Any suggestions?

Thanks,
Ron

A:spyware scanner

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us:

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Butt... Read more

28 more replies
Answer Match 47.04%

(win xp)
I'm looking for a spyware scanner similar to the OLD ad-aware, that just scans and does NOT keep running.
Which programs could I use?

with these properties:
-light program
-scan only
-free to use
 

A:spyware scanner?

6 more replies
Answer Match 46.62%

Is this a good program? And should it stay, or should I just get Spywareblastar, and Spy_bot S&D?

Thank You
 

A:Bazooka Spyware Scanner?

I had never heard of Bazooka before, but it looks nice. Spybot Search & Destroy detects a lot more spyware though, I wouldn't get rid of it for Bazooka.
 

3 more replies
Answer Match 46.62%

Has anyone used the online scanner at Spywareinfo.com?

here

I'm looking for an online scanner that can be trusted (to complement Antivirus.com)


Thanks

A:Online Spyware Scanner

Hi, Guy!

I haven't used the application, but I do trust x-block. I also don't think that Mike Healen would get involved in anything second-rate.

The reason that I haven't introduced the service here is that I think recommending it is akin to "giving a man a fish".

When folks download Ad-aware, or Spybot, or both, set the configurations and run their scans, they have now been taught to do that properly. They can do it over and over again, weekly, we hope, with the only "outside" support being updates.

Also, with Spybot Free set to immunize or Ad-aware 7.0, they get some actual protection.

An ounce of prevention is worth a pound of cure.

1 more replies
Answer Match 46.62%

Greetings:

I am somewhat new to this. I have always been able to solve the few problems I have with AdAware or Spybot. This time though, I am stumped. I installed HiJackThis and have looked through it to the best of my knowledge, but can't find anything. It seems like it all started when I accidentally installed YourSiteBar. I have used their removal program but I still get popups. Here is my HiJack log. Any help would be most appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:16:15 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program ... Read more

A:Help ... No Spyware Scanner Has Helped Me!

Sorry for the delay. If you still need help with your log please post a brand new HJT log as a reply to this topic and I will help you clean it up as necessary.

1 more replies
Answer Match 46.2%

I am running XP home edition and I am getting popup ads every 2 minutes and I have tried many things with no luck. It is definitely some kind of SpyWare on steroids. I took the advice of dvk01 on thread http://forums.techguy.org/showthread.php?t=185859, but still no luck. I even ran SpyBot and Ad-Aware in Windows XP Safe mode and it said it cleaned everything, but still no luck. As soon as I reboot the Spy Ware starts again. Also, it appears that the files that are causing this issue are...

ai_loader.exe
mamma-ia-ss.exe
mamma-dmk-ss.exe
mamma-dummy.exe
mamma-ikw-ss.exe
mamma-ss.exe
mamma-tvm-ss.exe

These were caught by Zone Alarm personal firewall. Furthermore, I have found the following dlls under C:\WINDOWS\SYSTEM32 that have a Date Modified of 6/18/2004 or greater and I cannot delete these.

AvMDRVR.DLL
Lronardo da Vinci.dll

I also ran HiJack This and the most recent log file is below. Any help that can be provided would be extremely appreciated!

Logfile of HijackThis v1.97.7
Scan saved at 1:07:58 PM, on 06/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\W... Read more

A:SpyWare Popup Ads that will not go away

Do Spybot and Ad-Aware tell you the name of the spyware that you're infected with? If so, try doing a search for it on Google. Maybe you can find instructions on how to permanently remove it.
 

1 more replies
Answer Match 46.2%


I am currently on my friends computer and he is running Windows XP Pro SP3.

And I randomly get popups saying you can download free spyware programs and a fake popup window saying you have infections.

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:50 PM, on 2/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHD... Read more

More replies
Answer Match 46.2%

I am being bombarded with a security alert saying my computer is infected with spyware and my internet homepage has been taken over by a site wanting to do scans. The site is www.safetyhomepage.com and I can't get rid of it.
I would be grateful for any assistance.
Here is my HJT logfile

Logfile of HijackThis v1.99.1
Scan saved at 12:54:17 PM, on 14/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr... Read more

A:Spyware popup

9 more replies
Answer Match 46.2%

Hi everyone,

I have been searching for hours and hours and tried everything. My problem is that I have been getting many pop ups asking me to buy antispyware products which after some research are spyware themselves. They pop up randomly, sometimes when I'm not even surfing. It also pops up when I open internet explorer simultaneously, i.e. there are two windows when I open IE. One I opened and one ad pop up.

I use windows xp pro sp2. I have downloaded all windows updates and installed them. Ran a virus check. Detected vundo virus. Removed that according to symantec.com. Used lavasoft ad-aware, spybot and spyware doctor. Updated them and scanned again.

Yet it still pops up. I use IE7.

Here are some of the links that pop up:


If someone would be able to help me, I would be very grateful

Thank you very much

Emma
 

A:Spyware/Ads Popup

13 more replies
Answer Match 46.2%

Logfile of HijackThis v1.99.1
Scan saved at 3:50:56 PM, on 4/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Ad-Protect\ad-protect.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\... Read more

A:Popup Spyware

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.

9 more replies
Answer Match 46.2%

I still can't get rid of that annoying raze spyware desktop.
The windows system I run is XP.
I tried running the ewido program following all the instructions on this site, and still I can't get rid of the raze spyware desktop.

The desktop is a red background with a flashing black pop-up.
If you have any new ideas or info on a new way to get rid of this, please e.m. me at my address.

Thanks for your time.
 

A:I tried the ewido scanner, still can't get rid of raze spyware

11 more replies
Answer Match 46.2%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:42 AM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.e... Read more

More replies
Answer Match 46.2%

What's a good free spyware scanner that comes already downloaded with a certain amount of basic definitions already on it? Kind of like what Avast does for antivirus.

The reason I ask is that I have a friend that can't get online with her NetZero dialup and I want to eliminate the problem being related to spyware. In other words, I want a scanner that doesn't need to be updated right anyway and just might find something.

By the way...could a virus or malware stop someone from connecting on a dialup connection? When I use the Netzero software it connects briefly to the internet but then the modem shuts down. I don't think it's a modem problem either because I queried the modem just fine and was actually able to connect with a connection I made myself from the new connection option in Windows 2000. However I could not get anything to come up on IE.

I also could not get online by using the Internet Connection Wizard. The one that connects you, using an 800 number. It also was cut off by the modem.
 

More replies
Answer Match 46.2%

I am wondering if there is any free (good) portable anti-spyware scanner because i want to make sure that my normal scanners are doing their job, and I don't feel like installing anything extra. I am using windows vista.
 

More replies
Answer Match 46.2%

Does anyone know of a good program, ( freeware ) for the above mentioned?
chuck
 

A:Spyware, Malware Scanner, Cleaner.

Hi chuck, there's a few choices to consider....

MalwareBytes https://www.malwarebytes.org/

SuperAntispyware: http://www.superantispyware.com/

AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
 

Answer Match 46.2%

IE pops up with "this page cannot be displayed" or just fake "you're computer may be infected" type messages... Then AVG pops up saying "threat detected"... When I run AVG or MalwareBytes, I get nothing... I just want to know how to make it stop
 

Answer Match 46.2%

Hi, please help, been getting popups for free spyware scanners, did a Bitdefender scan and it managed to move 5 virus infected files, but I still get popups from 'myprivacyguard' and 'Adwareremover2007'. Bitdefender also detected and blocked Trojan.Agent.BHO.N, Trojan.Agent.ABSG, Trojan.Downloader.Agent.YNQ, Adware.Agent.NAV, Trojan.Downloader.Agent.YNU in the file http://www.thenetworkcom.com/fast-update/upd_cb.zip, how can this file be removed?

This is my Trendmicro HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:44, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurit...

A:Popups For Free Spyware Scanner

cl0ud,

Welcome to the forum, you have multiple infections on this system. Let's do a few things.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

Some of these may be gone

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll (file missing)
O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O21 - SSODL: bxsbang - {7C244A7A-44CC-4104-8133-40430C7AF562} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {598370DE-4746-4951-B4F6-85459895E243} - C:\WINDOWS\ocgrep.dll (file missing)

We need to make sure all hidden files are showing:
Click Start.
Op...

Answer Match 46.2%

What is the best and free spyware and virus scanners for Windows XP?
 

A:Best Free Virus and Spyware scanner?

Answer Match 46.2%

Folks,

I have been trying off and on for 2 weeks to clean this machine. It is my brother-in-law's computer and used by his kids to play many on-line games. It came to me with a BSOD which I recovered from by removing Antivirus XP malware using Malwarebytes Anti malware. I subsequently cleaned about 30 infections off the machine. I have scanned it with AVG Free, Malwarebytes, Spybot S&D, Ad-Aware, House call and Bit defender (online). Still it has a browser hijacker in both Firefox and IE v8. I am getting repeated virus alerts from AVG concerning iastor.sys and one concerning kxdiypod.sys. I have tried to replace iastor.sys by renaming it and copying a new version. Every time I mess with it, I get another AVG alert and it replicates itself. Please help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michele at 17:54:04.18 on Sat 04/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.202 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) Copyright Information 0

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\...

A:Exploit Rogue Spyware scanner

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Answer Match 46.2%

Well, I was scanning my computer with Panda's ActiveScan, and I've been found with over 2,000 spyware. Yes, I've found 30 before, or 130 before, but over 2,000....it seems a bit much. (And this is after having used CleanUp!) I did what (I assume) I should, ran HijackThis, and here's my results. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 0421:12, on 23.02.06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Fi...

A:Solved: Over a Thousand Spyware, Says My Scanner

Answer Match 45.78%

I have looked at the thread from cheapshot's recent thread about too many popups but I am getting messed up trying to compare the files on the hijack this log. I also ran spyhunter (not bought version) and found that there are 212 spyware on my computer. I run XP. Here is my hijack this log. Please Help.

Logfile of HijackThis v1.97.3
Scan saved at 7:56:44 PM, on 10/25/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\SuperBar\sbhc.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\nssys32.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\redirect4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\winservn.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\CkgQ5y5o.exe
C:\WINDOWS\System32\Fsf6AY.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents...

A:Spyware and Popup Problems

Answer Match 45.78%

I have a HJT log saved and it's listed below. The situation is that a spyware/trojan is active. It creates a window and an alert on the task bar on the bottom right of the toolbar that displays-System perfomance monitor:Warning Summary: System performance slowed down by: 47% Internet connection speed decreased by: 39% Probable Reason: Spyware applications/Adware popup windows Click on this baloon to download spyware scan to remove spyware/adware applications. Very annoying!!!

Please scan over this and help asap, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:32 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchAssist\bin\dgrpsetu.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\pr...

A:Annoying Spyware popup

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

Answer Match 45.78%

I've been having some problems with system doctor popups as well as outerinfo popups. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:11 PM, on 05/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\SSTEM3~1\msiexec.exe
C:\Documents and Settings\Owner\My Documents\??stem\n?tdde.exe
C:\Program Files\Logit...

A:Spyware + popup problem

Answer Match 45.78%

I keep getting a popup. Even when I'm not surfing the internet. It is from Internet Speed Monitor.
I have run Ad-Aware, Spybot and AVG but I still get it.
I have also run Avast. What I noticed with Avast is when the scan is complete and the results show up, several areas say "unable to scan" or something to that effect.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:44 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\sv...

A:Keep Getting A Popup-have Ran Several Spyware Programs

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to create "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause false alarms - when the antivirus software tells you that your PC has a virus when it actually doesn't. Also it can cause system performance problems; your system may lock up due to both software products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either Avast! or AVG.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F...

Answer Match 45.78%

Every now and then, whenever i log onto the net, i get a msg box saying "Spyware Detected" and usually get some so called "solution" for it.. a new firefox window is opened and i get to see some Anti-Spyware website..

when i checked out the startup tab on msconfig, braviax was listed, so i tried out SDFix, which i downloaded from bleepingcomputer.. that solved the problem for the time being.. i boot my system up today and same msgs are back..

the HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:09 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvM...

Answer Match 45.78%

I am getting popups only when in Yahoo Mail. Each time I change pages, one of 4 popups rotate up and tell me that my computer has been infected with spyware. If I Reply to one of my emails, 8 popups appear. It only happens when I am in Yahoo Mail.

Two of the popups have links that I followed to //s13ds.d8t.biz and //c1dcon.d8t.biz.

I have run Norton AV and Spybot S&D, but to no avail.

Any ideas on how to rid my system?

Here is my Hijack This log:

Logfile of HijackThis v1.97.7
Scan saved at 9:59:03 PM, on 6/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SB...

A:Solved: Spyware/Popup - URL ...d8t.biz

Answer Match 45.78%

I'm having some serious problems with casinos popping up on my pc, as well as something called "winfix 2005". I've run Microsoft's anti-spyware, ewido security suite to no avail.. Help will be rewarded with tasty Jello Pudding Pops. Thanks a bunch!

Here's my Hijackthis log entry:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:20 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\...

A:Spyware popup craziness...

Hello NobodyJones and welcome to the BC malware forum. I think there is more here than what we are seeing in the HijackThis log. Let's run a different scanner and see what it shows us.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT

Answer Match 45.78%

Logfile of HijackThis v1.99.1
Scan saved at 7:00:27 AM, on 11/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\users32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WIND...

A:spyware popup problem

Answer Match 45.78%

Hello there. I am having quite a bit of trouble getting rid of the source of this Spy-Axe and Spyware popup nuisance. If you can, please advise me on what my next move should be. Posted below are my most recent Hijack This results.
Logfile of HijackThis v1.99.1
Scan saved at 9:11:53 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared...

A:Spy Axe and Spyware Infection Popup

Please save or print these instructions before beginning

Go to Start>>Control Panel>>Add or Remove Programs
Uninstall SpyAxe if it appears in the list
Delete the folder C:\Program Files\SpyAxe\ if it exists

Save smitRem to your Desktop and run smitRem.exe

Download and install Ewido Security Suite
During the installation, uncheck the following under Additional Options:

Install background guard
Install scan via context menu

Run Ewido and click OK when prompted to update the program
On the left side of the screen, click update>>Start
When the update is finished, exit Ewido

Start your computer in Safe Mode

Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts

Run Ewido Security Suite
Click scanner>>Complete System Scan
Click OK when prompted to clean the problems found
When the scan is finished, click Save Report and save a copy of this log to your Desktop
Exit Ewido

Go to Start>>Control Panel>>Internet Options>>Programs
Click Reset Web Settings>>Apply>>OK

Go to Start>>Control Panel>>Display>>Desktop
Click Customize Desktop>>Web
If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK

Restart your computer

Run Kaspersky Online Scanner and post the results here

Post the contents of C:\smitfiles.txt

Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier

Run HijackT...

Answer Match 45.78%

Hi, i have tried numerous ad programs that just don't help get rid of this one popup thing, i've tried Ad-aware and Spybot Search and Destroy. and the popup thing still comes up! here is my hijack.log so HELP please!
Erik

Logfile of HijackThis v1.98.2
Scan saved at 9:47:00 PM, on 11/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Viewpoint\Viewpoint Manager\View...

A:Popup/Spyware- MyHijackthis.log

Welcome to TSG!!
Download Spybot http://www.majorgeeks.com/download4392.html
Click on "Search For updates" When prompted.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.
Reboot.

Download Adaware SE http://lavasoft.element5.com/software/adaware/

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Reboot.

Create a permanent folder on your hard drive for Hijackthis, like My Documents\HJT
Click on this link to download Hijackthis. Save the download to the permanent folder you created. Post a new log from your permanent folder.
 

Answer Match 45.78%

vista home premium.
Hi, am new here. First time posting. My writing is not too good. Here is my problem. Am using Spyware Terminator and sometimes I get this popup asking if I want to allow this site or block it. Is there a way to stop that popup from showing up? It does not happen often but it's a pain when it does show. Sometimes I have to click on allow 2 to 3 times before it goes away. Thank you for your help.
yvesj
 

A:spyware terminator popup ????

Answer Match 45.78%

Ok I just got this nasty infection with one then more spyware.
I'm not sure what they all were but I know one was
command.exe
and one was
Surf Asistant
or something like that,
I've used the following on it and cleaned up everything but this one .dll file that shows up in
my HJT log and is still causing my web browser to be redirected every 1-3 mins.
I've tried the following programs to get rid of it,

KillBox, CleanUp, Endow Security Suite, StartUp Manager, SSKfixXP,
WinTask 5, CCleaner, Spy Sweaper (which btw added more spyware,) Security Task Manager, my personal favorite HiJackThis V.1.99, and finally an outdated ver. of Spybot and I just downloaded the latest Ad-Aware and have yet to use it.
I've found the file that needs to go by using HJT and it's in my sys32 folder but every time I try to use KillBox (using the delete on restart option) it just keeps coming back with a different name.
My latest HJT log looks like this
Logfile of HijackThis v1.99.1
Scan saved at 1:35:25 AM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2. TOOL {s}\Fire Net\firefox.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WIN...

A:Need help with Spyware adds popup!!

Answer Match 45.78%

Team Members..

I have been working on my kid's computer for the last couple of days trying to get rid of this junk. I've run the usual AdAware, Spybot, Stinger & CWShredder but I still think I have problems. Any help would be appreciated.

Thanks in advance..
cwbride

Here is my log..

Logfile of HijackThis v1.99.1
Scan saved at 8:58:02 PM, on 2/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Pan...

A:Spyware & Popup Problems

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)

- Install ewido.
- During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido
- It will prompt you to update; click the OK button and it will go to the main screen
- On the left side of the main screen click update
- Click on Start and let it update.
- DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:

- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When the scan is finished, look at the bottom of the screen and click the Save report button.
- Save the report to your C: Drive

This will take some time to run!

Boot to normal mode

Post that log and a new HiJack log

5 more replies
Answer Match 45.78%

This is very annoying. A few times per night I get a voice pop that lasts for about 1 second. It is spontaneous and happens at random intervals, a few times within a 4-5 hr period. I was able to record it (see http://home.comcast.net/~xrunner123/freaking_sound.wav). There is about a 10 sec pause so just wait until the end.

Now if you play that backwards and slow it down it says "Ronald Reagan is an *******".
I have scanned my computer with McAfee, Norton, and avast. And also ran Adware and I bought Spyware Doctor. And it still does it.

What is this? I've searched everywhere and cannot find any info. What the hell do I do besides blowing my computer away?
 

A:NEED HELP- Voice popup spyware

16 more replies
Answer Match 45.78%

I need help with adware on my machine. Every site I visit is swamped with popups. I am following the process of the malware topic now & will post my results here as I go along. I hope I have done everything right here :)

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16749 BrowserJavaVersion: 11.77.2
Run by Curry at 12:45:46 on 2016-04-03
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2036.417 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Hewlet... Read more

A:spyware/popup issues

I have seen down this page someone has the exact same issue and pop up type. Is it wise for me to move through the same steps that dude was given by support without having the above checked?

12 more replies
Answer Match 45.78%

Can't attach the ark.txt. Computer freezes up and reboots before it can finish.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by woodman at 18:35:36.62 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.446.115 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart ... Read more

A:spyware/adware popup

Hello, woodman3041.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:

- Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
- Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
- If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
- Please do not install, update, or run any programs for the duration of the fix.
- If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
- Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
- If you are running Vista, please run all the fixes as an administrator. This is done by... Read more

26 more replies
Answer Match 45.78%

Hello, I'm making a last ditch effort to get rid of this popup. I race online, and play other games, and while in-game this random popup minimizes the games I'm playing, causing me to wreck, etc., or if I'm on the internet it will randomly pop up. It's a full screen pop. Here's a picture of it:

http://img82.imageshack.us/my.php?image=image1si7.jpg

also, the address that comes up with it is

http://ww*w.look.to.pl

WITHOUT the star, I didn't want it to make a link and someone click it, and end up with what I have........

My Windows is updated, I've used avast antivirus and deleted everything infected, and I've used Windows Defender, and I cannot shake this popup. I have an online league race tomorrow (I know it's short notice, but like I said this is a last ditch effort) so any help is very much appreciated! Thank you,

Mike
 

A:Spyware/Adware popup

16 more replies
Answer Match 45.78%

Hi, bit of a weird thing happened, I got a spyware popup for the first time ever on this computer... I was playing Eve Online, when suddenly my game minimized and I had a grey window appear in the middle of my screen asking me to install some sort of toolbar into IE...

A run through of what I seem to remember:

I had MSN Messenger running.
A CMD box opened then closed, no text appeared inside it.
I closed the popup immediately.
I didn't have IE running

In my haste I went into C:\ and found a series of unusual files to my surprise, one of which was TB.exe which I deleted on the spot without thinking (No idea what that was). The other was some compressed file with a number letter name, and then there was SW.bat... I deleted them all.

A HJT is attached, any help is appreciated. I do know I'm an idiot randomly deleting suspicious files...

Thanks .
 

A:Solved: Spyware popup!

15 more replies
Answer Match 45.78%

Deckard's System Scanner v20070611.50
Run by Dea on 2007-07-02 at 20:07:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-07-03 00:07:35 UTC - RP28 - Deckard's System Scanner Restore Point
1: 2007-07-01 23:56:05 UTC - RP27 - Installed Windows XP Service Pack 1.


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Dea.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-02 20:12:07
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\?ppPatch\chkntfs.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\D... Read more

A:Popup & Spyware Issues

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

10 more replies
Answer Match 45.78%

I started getting popups when using the internet (www.z404.com, and a different website with yyy65.html as the webpage) and also get flash popups. Spr doc found and removed those but they are still there. There are some files on c:\ (installer.exe and MTE3NDI6ODoxNg) which I delete but they are there again on restart. Please help me with a permanent solution, thank you. Here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:30 AM, on 1/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Trend Micro\Intern... Read more

A:Multiple Spyware (esp Popup)

Hello Moiz and welcome to the BC HijackThis forums. Let's start with a scan for Look2Me and see what it shows us.

- Download l2mfix.exe and save it to your desktop.
- Double click l2mfix.exe to start the installation. Click the Install button to extract the files and follow the prompts.
- Open the newly added l2mfix folder on your desktop.
- Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing the Enter key.

This will scan your computer and it may appear nothing is happening, then, after a minute or 2, Notepad will open with a log. Copy/paste the entire content of that log into this thread and I will review the information when it comes in.

OT

1 more replies
Answer Match 45.78%

Hello I was referred to this site by a good friend.

It seems I have some sort of Trojan. I get non-stop messages telling me that my computer has been infected and that I need to install one of the multiple spyware/malware programs they advertise. I was told to run the HijackThis program and report my findings on this forum.

Here's my report. Any assistance would be greatly appreciated.

Thank you in advance~

-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:21 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common... Read more

A:Spyware - Popup Problem

Still need help if anyone has the time.

Thank You~

2 more replies
Answer Match 45.78%

A few days ago I noticed this Widdit popup on my shopping sites. It's from dealply.com. It also annoyingly covers my Google searches with its own garbage results.

I'm concerned that it may be doing more than just that...

I use AVG, scanned for everything... Nothing. So I tried Malwarebytes... Nothing. And I am currently running Spybot. It's taking too long.

I searched through my temp folders, appdata, and program files for anything fishy and couldn't spot a thing. Also, the add-ons for Firefox are my normal ones, not whatever this is.

I attached a picture of how it appears in the top right of eBay.

Thanks for your help!

And, here is the HijackThis stuff:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:16 PM, on 2/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HD Tune\HDTune.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soff... Read more

A:Widdit Popup Spyware

Also, my most recently installed program was a trial of SPSS 20 downloaded from, if I remember correctly, softsonic. Could it have come from that site?
 

2 more replies
Answer Match 45.78%

How do I stop the unwanted popup spyware? I use Win98/AOL9.0 and I also use a History Kill program that has a popup blocker. Spyware popups seem to be the only popup I get but they are many and often.
 

A:Unwanted Popup Spyware

16 more replies
Answer Match 45.78%

Hi guys,

I need some help, I am having problems with spyware opening pop-ups. I have run Spysweeper and Spybot Seek and Destroy, but neither of these has fixed the problem. Help would be greatly appreciated.

My hijack this log is below.

Thanks,

Bogdenyvitch.

Logfile of HijackThis v1.97.7
Scan saved at 09:50:31, on 14/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\ci_serv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\serv1613.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Ap... Read more

A:Spyware/Popup Hell

8 more replies
Answer Match 45.78%

First of all, thank you for reading the post and analyzing the following message...

I have tried to run Spybot, Spyware Doctor, Spyware Blaster, Windows Defender, CCleaner, CWShredder and many more programs to clean up the spyware. Unfortunately pop-ups seem to have fallen in love with IE on my machine and are reproducing every second. I have full faith in our task force and hope we will soon be able to stop the reproduction...

----------

Deckard's System Scanner v20070611.50
Run by test on 2007-06-16 at 22:58:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2007-06-17 04:00:46 UTC - RP328 - Deckard's System Scanner Restore Point
65: 2007-06-16 23:34:16 UTC - RP327 - Restore Operation
64: 2007-06-16 21:08:52 UTC - RP326 - Removed easy Internet sign-up
63: 2007-06-16 07:14:25 UTC - RP325 - Windows Defender Checkpoint
62: 2007-06-16 07:03:33 UTC - RP324 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-03-21 01:49:37 UTC - RP263 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as test.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:05:17 PM, on 6/16/2007
Platform: Wi... Read more

A:Spyware + Malware = Popup's

Hello and welcome to TSF.

Please download ComboFix

Note: It is important that it is saved directly to your desktop.
Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Important Note: If you already have the tool, please delete it and download the latest one because it's updated constantly.

15 more replies
Answer Match 45.78%

Hi,
My home desktop has a malicious spyware and popup problem and the system has slowed down. I cannot surf IE properly. I am attaching the Panda scan report and hijack log.
Please let me know.
Appreciate your assistance.
Thanks.
Raj

Panda scan report:


Incident                     Status            Location

Spyware:Spyware/Virtumonde   Not disinfected   C:\WINDOWS\system32\efcayab.dll
Adware:adware/gator          Not disinfected   c:\windows\GatorFDDLI.log
Adware:adware/comet          Not disinfected   C:\Documents and Settings\pc\Ap... Read more

A:Problem with spyware and popup

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. I... Read more

1 more replies
Answer Match 45.78%

Recently I've been getting many popups. I also think I have a Trojan on my computer. First off, I did my regular scanning like using AVG and Ad-Aware SE. My Ad-Aware did not remove the popups. My AVG scan messed up because when I finished scanning and clicked remove items, it froze, so I ended the process.
Popups include sites like areaconnect.com, firstpremierbankgold.com, gamezhero.com, hornymatches.com, mmorpg.com, ovguide.com, setthetrend.com, etc.

Now about the trojan. While doing that failed AVG scan, I saw that it detected a trojan. I think it was Sheur.something? This trojan/virus thing made an icon next to the time saying that Windows had detected malware/spyware and that I should click here to download the newest anti-spyware. Intuitively I knew that it was spyware because Windows does not detect malware/spyware. I found out later that the file was located at my main drive E:\ (yes, E:\ is my main drive) so I ended the process and deleted it. Later, in fact, while typing this, I saw that it came back and the same thing happened.
Here's a picture of what it does...
Well, that's all the info I know. I'll include a HijackThis log also.
Ah, when I made HijackThis scan and make a log, AVG said it detected a Trojan horse Agent.OPM at E:\WINDOWS\System32\drivers\kbdclasss.sys
Here's the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:18 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP... Read more

More replies
Answer Match 45.78%

Hi all

I was fortunate enough to have avoided any problems for almost an entire year on my new computer, when suddenly out of the blue I was hit with a drive by browser hijacking and, a mad influx of popups!

Its been a while since I had to do the spybot and hijack thing... can you please refresh my memory on how to handle this annoying problem

Much thanks!
 

A:Spyware and Popup ups... AAACCKK!!

7 more replies
Answer Match 45.36%

Hello, I have a problem with some spyware that got installed by my younger sibling on the family desktop. I was able to get rid of some of it but I still have the adware icon in the taskbar popping up.
The files that were a problem were part of the netproject spyware... I think I was able to get rid of the files that were being active, which were the scit.exe and scm.exe files. The icon that's left in the taskbar is pretty much neutral right now because I disabled and deleted IE, but it's still annoying and I'm pretty sure there's still something in it.

Thanks in advance and I really appreciate the help.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:49 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Commo... Read more

A:Please Help...spyware scanner trojan is slowing my computer

Welcome to TSG

Please download SmitfraudFix to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Answer Match 45.36%

Referred here from: http://www.bleepingcomputer.com/forums/t/206430/pro-system-scanner-and-spyware-remover-2009/ ~ OB

I was referred to this forum by DaChew from the Am I Infected forum. I'm running windows xp pro sp2. The pro system scanner and spyware remover 2009 are popping up frequently and being very invasive, sometimes locking my computer. Here are the required logs. Thank you for your help.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Steve at 15:04:38.03 on Fri 02/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1457 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\userinit.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S5I0O2.EXE
C:\Program Files\DNA\btdna.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\HP\Digital... Read more

A:pro system scanner and spyware remover 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

- DDS.com
- DDS.scr
- DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 45.36%

Hello,
I am having a problem within my Windows 7 OS. I removed a "Java solace k" virus in 06/2010 but am still having issues with redirects from my browser and fake security scanners telling me of a security breach within my system. Any assistance would be greatly appreciated.

buhdabless

A:malware/spyware and fake security scanner

Hello please try this approach.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware pro... Read more

5 more replies
Answer Match 45.36%

I've recently acquired the false Zinaps malware "remover," and I'm trying to get rid of it. I've read that it's really recent, so my previous scanners probably will not do the job. Could I get some help?

The lower task bar "notifies" me constantly with a yellow triangle with an exclamation mark. It reads "Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you."

By the way, this is Windows XP

Also, my computer's been excruciatingly slow recently (even before Zinaps), so if you could help me take care of those too?
 

A:Zinaps rogue spyware scanner 7.0 removal

Here's the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:21:54 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\P... Read more

1 more replies
Answer Match 45.36%

Hi, I have Norton Antivirus on my laptop. I'm looking for a spyware scanner like Spybot. Which one is good and compatible with Windows Vista?
Thanks
 

A:Solved: A Good Free Spyware Scanner

8 more replies
Answer Match 45.36%

I am looking for a program that I can install on a centralized server and run scans from single client machines. I am not aware of anything that will let me do this. I have about 300 machines and need something besides installing on 300 machines. I would like to hear all suggestions on ways to handle this task.
 

A:Spyware scanner that runs from centralized location

6 more replies
Answer Match 45.36%

I received a threat alert on my AVG 8.0 that I had something called Exploit Rogue Spyware Scanner type 621. I ran the AVG scan and it showed nothing. I ran Adaware and all it found were some tracking cookies. I started getting redirected when browsing with Internet Explorer and I downloaded Mozilla because the pop-ups and redirects became so bad I couldn't use my Internet Explorer to get to any place for help... This is my HijackThis log.... I do not know why all my AVG scans come back that everything is fine. Please can you help me... I have no idea what this is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:49 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpe... Read more

More replies
Answer Match 45.36%

I'm infected with a Fake spyware scanner by the name of Zinaps 7. Can you help me get rid of it?

Thanks.
 

A:Help me delete Zinaps 7 rogue spyware scanner

Welcome to TSG

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 45.36%

My stepson's computer, running W2K SP4, is infected with something that keeps popping up malware alerts and IE or firefox windows. Right now, for example, on my screen I have a security warning about Trojan.W32.Looksky, a dialog box asking me to click OK to start SecurePCCLeaner, an IE window offering to download Trojan&Spyware scanner, another IE window also offering securePCCLeaner, and a firefox tab offering a download called "privacyprotector". The computer is almost unusable. Any help is appreciated.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:15:48 PM, on 9/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Trend Micro\Internet... Read more

A:Solved: Trojan&Spyware scanner - popups

11 more replies
Answer Match 45.36%

I run Zone Alarm Internet Security Suite. Never had any problems. I also run Spyware guard. No problems there either. On a weekly basis I run, Spybot, Adaware, Hijack This, and A2 Squared. Once a month I do a Trend-Micro online scan. My computer stays clean.
Right now I can run Zone Alarm and/or Spyware Guard active protection and I can do anything I want on my computer: Internet, online games, emails, word processing, anything. As soon as I run any of the mentioned scanners, they make it halfway through and my computer shuts itself down. It powers itself off. The only thing that is different about the computer is that Dec. 26th I added a router to my desktop for my kids' laptops and a USB hub 2.0. All works fine. This problem started on Dec. 27th. My computer will run fine night and day, but as soon as I run a scanner, it powers down. If this isn't where I should post this question please tell me where it is better suited. Thanks
 

A:antivirus and spyware scanner shut down computer

6 more replies
Answer Match 45.36%

Alright, so out of nowhere today my computer is infected with the "you need to download this program to protect your computer from viruses, spyware, etc." crap.

I have been working at it for the past hour and can't seem to find out why it won't let me run any sort of removal programs.

I went into my registry, deleted the files there, deleted all the temp files, and it still won't budge.

I need some help here. I'm researching into it, but any help here is definitely appreciated.

-chris

extra information :

backdoor.win32.kbot.al - keeps popping up and others like it

A:every sort of spyware scanner refuses to open!

Try scanning with this: http://www.free-av.com/en/products/12/avir...cue_system.html

16 more replies
Answer Match 45.36%

Hi, I have pro system scanner and spyware remover 2009 on my system. I have run Super anti spyware and Malwarebyte's anti malware. They did remove a trojan at one point but the infection continues. I'm on a pc with xp pro sp2. Please help.
Thank You sotasteve

A:pro system scanner and spyware remover 2009

Let's run another pass with MBAM, update it

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will... Read more

9 more replies
Answer Match 45.36%

My son downloaded some videos on how to fix his car from You Tube and since then my laptop has been getting worse and worse. I ran Sammsoft ARO and Malware. I have since taken both off my computer thinking that might help. I have AVG, but it comes up with nothing when I scan. I keep getting the threat alert scaneriche.cz.cc/scan/dim_sp2/free as the file name and Exploit Rogue Spyware Scanner (type 140) as the Threat name.
I found a post about rkill on a random site and downloaded rkill, but every time I try to run it my computer goes to blue screen with a loooong message and then reboots automatically.
When I try to use the internet, I am directed to different sites that I don't want.
Help!!

A:Exploit rogue Spyware Scanner (type 140)

Hello kathym and welcome to BC.

We're so sorry about the delay, do you still need help?

4 more replies
Answer Match 45.36%

Please help! I ran Spybot and SUPERAntiSpyware and I think it took care of most of the trojans.

I don't know what happened but my computer suddenly became really slow and had a couple of popups.
I found that prun.exe was some sort of trojan and a couple of others.

I ran HijackThis after running my antispyware scanners and I don't know if I'm still infected.

Can someone check and help me out?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:08:20 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
H:\Useful Programs\HiJackThis_v2.exe

R0 - HK... Read more

More replies
Answer Match 45.36%

I have been looking around for a few days to try and find a fix, and I have followed some solutions that some people have provided on here for similar looking problems but I can't seem to sort it... It looks like it gets to the point where there's no trace of it left on my laptop but then when I connect onto the internet it seems to come back.
While online it comes up with one of many like the following pop up message:


It sometimes often opens up IE pop ups too with similar related content.
I have installed: Ad-Aware SE & the VX2 addon, Spybot S&D, Clean Up, SpyBlaster.

Here is my hijack log:

Logfile of HijackThis v1.99.0
Scan saved at 17:38:39, on 30/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\SpywareBlaster\spywareb... Read more

A:Evil Spyware Popup thingy.

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. I notice your browser and Operating System are not up to date and this makes you susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Turn off System Restore by doing the following:

Click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click "Kill process" for each one (You must kill them one at a time).

C:\WINDOWS\System32\winmplayd.exe
C:\WINDOWS\System32\smsss.exe

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Download Accelerator (If you have it instal... Read more

3 more replies
Answer Match 45.36%

Hello, last week Cheeseball81 helped me remove the spyware locked system tray popup from my system. It appeared we got it, but the power went out today, and when I restarted my computer the popup was back.

I haven't used the computer since Cheese helped me, been too busy with work to do anything, so it has to be hiding somewhere in my system. It's slowing my system down a bit, and seems to disappear and come back after the computer is restarted a few times. Any help would be appreciated. Here's the link to the original thread, as well as a current Hijack This log.

http://forums.techguy.org/security/571597-solved-sys-tray-popups-spyware-2.html

Logfile of HijackThis v1.99.1
Scan saved at 6:11:40 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program... Read more

A:Spyware Locked Popup Back, please help

Please remove the version of SmitfraudFix you have and redownload it so you get the latest version.

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

1 more replies
Answer Match 45.36%

Hello. I recently managed to get myself infected with spyware and perhaps various other programs. I can even recall clicking on that unknown executable that I'm 95% sure started all this mess, haha (I should know better.. guess I'm an idiot =P).

Anyways, I also get pop-ups from my Symantec AntiVirus as it tries to clean things up, but it can't get rid of the problem altogether. I've tried reading through various other forum posts, and I used things like the Vundo Cleaner (didn't find anything), SmitFraudFix/etc. in Safe Mode, AVG Anti-Spyware in Safe Mode (found nothing). I have noticed Internet Explorer has some odd add-ons... two hex-key named / blank publisher DLL files, dufovlrw.dll and lkrrwreo.dll (names didn't even show up on Google, which makes me wonder), and also awvts.dll (this led me to try Vundo cleaner).

Enough of my rambling. I'll post the results of some scans I did. I'm not sure which are the most useful, so I tried to break the post up so that you can at least easily see which scan you're looking at.

Thanks in advance for the help.
-Casey

----------- HIJACK THIS ------------
Logfile of HijackThis v1.99.1
Scan saved at 4:07:31 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

A:WinAntiVirus Popup - Spyware/Worse?

------------ KASPERSKY ONLINE SCAN ---------------

1 more replies
Answer Match 45.36%

Hey all, recently my comp has received this one popup ad which is the same each time it pops up. I'm not being flooded with several popups; it's just this one same blank ad. I usually use Mozilla Firefox as my browser but every so often I use Internet Explorer. Sometimes when I try and go to a page it redirects me to the same spyware page that informs me my comp is infected and to "Click here" to remove the spyware from my PC. On Firefox I don't get redirected to this page but I still receive the same blank ad every so often.

I have run Spybot and Ad-aware; they both found tracking cookies, spyware, and trojans. I deleted them after the scan but after scanning a while later I get the same adware that I deleted before. I have also run Panda scanner and pasted the results here.


Deckard's System Scanner v20070611.50
Run by Boyd on 2007-06-12 at 23:32:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Boyd.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:34:02 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.ex... Read more

A:Popup and IE pages get redirected to a spyware ad

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs: ViewPoint
Please note any other programs that you don't recognize in that list in your next response


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [hwfutczk.exe] C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


---------------


Download this file & save it to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

Open notepad and copy/paste the text in the quotebox below into it:


Code:
File::
C:\Documents and Settings\Boy... Read more

6 more replies
Answer Match 45.36%

I don't seem to have a computer infection at this time, only a popup in the tray that keeps saying windows has detected a spyware and asks me to click to download the latest software to "pervent" (sheesh, a misspelling?). I'm pretty sure if I click it, it will attempt to download aap.exe and install it. Any idea how to get rid of this thing? I updated and am running a full scan with Malware Bytes. Should I run HJT? Thanks for your help.

xiaohui
 

A:Spyware detection popup in tray won't go away.

14 more replies
Answer Match 45.36%

Hi I am getting pop up ads on internet explorer and my search engine is taking me to the wrong websites.

Thanks,



C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\SAP\Mobile\bin\UFContainer.exe
C:\Program Files\CM\CM.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Progra~1\1033_Fiberlink\gui.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\s0192\Desktop\Personal\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Medline Industries, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.medline.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = mednet;medline.com;<local>;*.local
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Af... Read more

A:Spyware popup ads (Hijack this log attached)

Hi, welcome to TSF!

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

6 more replies
Answer Match 45.36%

Keep getting Spyware Removal Wizard popup. Have run Adaware, Spybot, Ewido, Smitfraud. Can't seem to get rid of it. Here is the Hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 4:21:00 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\... Read more

A:Spyware Removal Wizard Popup

Any help would be appreciated.

10 more replies
Answer Match 45.36%

Cleaning a friend's computer and having trouble.

The problem he noticed was with SpyAxe (pop-up notices in system tray), though I've found lots of other nasties too.
He routinely updates/runs Ad-Aware and AVG, less routinely SpyBot S&D, has Kerio Personal Firewall (cable connection), but he has a roommate who does not surf safely! (sigh) In fact, this is the same computer I was cleaning when I first came upon your forum over a year ago and got so much help from Kevin aka greyknight17. Thanks many times over for all I've found and learned here!! And of course TIA for help today...

I have done your "Five-Step Process" and then some:

-I have scanned (multiple times, Safe Mode and Normal) with SpyBot S&D, Ad-Aware (settings per Kevin at greyknight17.com), and AVG. Find and fix things every time.
-Removed SpyAxe and others via Add/Remove Programs
-Checked for and removed other folders via Windows Explorer
-Also used CWShredder, CleanUp, SmitRem, Ewido
-##Panda (still finding things), and TrendMicro HouseCall (found/fixed multiple problems)
-Still getting a pop-up in system tray saying "System Intrusion Detected"

Most recently:
(in Safe Mode logged in as Administrator)
-re-ran SmitRem and scanned w/ Ewido -> only SpywareStrike (SpyAxe) found - removed
-rescanned w/ SpyBot S&D -> WindowsActiveDesktop (removed)
-Ad-Aware -> nothing
-restart in Normal Mode -> system tray pop-up "System Intrusion Detected" ... Read more

A:Fighting Spy Strike and spyware popup

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

19 more replies
Answer Match 45.36%

Sorry if I do anything wrong here but this is my first time posting and I'm new to the forums.
I can't post logs yet because I have no idea how to, but if someone tells me how to I might be able to.
I have Trend Micro Internet Security Pro and it is always detecting a "Possible Vundo_G".
Whenever I run a spyware scan, a number of the viruses are in system32.
Also, lately my computer has been sluggish and Internet Explorer always pops up when I'm using Opera. I never use IE.
Whenever it happens I just end the IEXPLORE.EXE process.
If I provide a log would someone be able to find out what's causing the IEXPLORE.EXE?

Thanks so much in advance and sorry if I haven't given enough info, I'll post more if I need to

A:Spyware/Virus/System32/Popup help

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 45.36%

Hi guys,

I was wondering what are some good adware/spyware software out there where you could download for free. I was looking around and found some but it's like a trial period. Any help would greatly be appreciated.

Also I just got cable broadband this weekend and it has a ton of popups on every site. I had DSL before and never had any popups. Could you guys also recommend a good pop up blocker? Thanks.

A:Adware/Spyware/Popup blocker

This is the best I have found. In fact it is so good sometimes you have to disable it, at times

http://www.kolumbus.fi/eero.muhonen/FS/

4 more replies
Answer Match 45.36%

I seem to get popup for Inquire.net with a redirect. I've been running Ad-aware SE Personal. But it keeps coming back. It started with something called Elitebar and has been all downhill from there. Also getting this popup http://www.ad-w-a-r-e.com/normal/yyy12.html

Logfile of HijackThis v1.99.0
Scan saved at 1:49:07 PM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\system32\WCXELMS.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Palm\hotsync.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explore... Read more

A:Hijack Log, Popup/Spyware Issues

I have run these programs:

HijackThis
Lavasoft Ad-Aware w/ VxD Addon
Spybot: Search and Destroy

All haven't done the trick, please help!
 

2 more replies
Answer Match 45.36%

Hi. I have this flashing yellow triangle with exclamation mark in my system tray which pops up again and again. It says I have some spyware or virus and need to download the latest version of some program to fix it. How do I get rid of it? My current virus and spyware software can't get rid of it. Please help!

A:Spyware Popup In System Tray

Hi,

Please do not attach your logs, but copy and paste them in the thread instead.

First of all.. I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. Avast and Norton (Symantec).

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated every day.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Doubleclick combofix.exe
Follow the prompts.
Don't click on ... Read more

2 more replies
Answer Match 45.36%

I am getting malware and spyware notices that my computer is infected. I had this problem once before and you guys were great!!!!!

Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:14 PM, on 11/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Go... Read more

A:Malware/Spyware popup problems

bump
 

2 more replies
Answer Match 45.36%

I'm getting a popup saying that my computer is infected with spyware and I have a security problem. It tries to get me to download virus remover 2009. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:46 PM, on 25/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\BR040286.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Kaminski\AppData\Local\Temp\a.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Kaminski\AppData\Local\Temp\R... Read more

A:Security Popup say Spyware Infected

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 45.36%

Over the last couple of days I have had numerous popups telling me that my machine has a virus and to click on a link to any number of programs to "fix" it. I have gone through several of the similar posts and completed the steps I felt comfortable doing. I just want to be sure that everything is clean prior to loading the other programs you guys have in order to keep from having another issue. I have attached my DSS scan and the Kaspersky report. Let me know if you see any other cleaning I need to do. Thanks!

Deckard's System Scanner v20071014.68
Run by Ivo Freund on 2008-01-15 00:11:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-01-15 05:11:28 UTC - RP6 - Deckard's System Scanner Restore Point
2: 2008-01-15 04:29:18 UTC - RP5 - Removed Java 2 Runtime Environment, SE v1.4.2_03
1: 2008-01-15 04:04:23 UTC - RP4 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-15 00:13:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\s... Read more

A:Spyware/malware popup issues

Just an update to this, my problem was indeed not solved after following the steps in another thread. My issue involves Worm.Win32.Netsky and several popups regarding security and privacy. I found another thread with the same problem and followed those procedures listed but I have a feeling that this "worm" is different in each machine. Let me know if you need fresh files as I have done more to try to rid my machine of this nasty bug.

1 more replies
Answer Match 45.36%

Please help. Windows XP with SP2.

Background has changed to show computer is infected, user of the computer did not have AV updated.

When logged into safe mode as administrator I was unable to access anything, it even said task manager has been disabled by administrator.

After running ERD Commander and editing the registry I was able to open up the computer enough to install Spybot S&D. It removed about 300 issues. I am now having issues installing Norton AV. Norton installed off of the CD, when I go to start Norton protection I get
"Norton Internet Security has encountered an internal program error. Please uninstall and reinstall NIS" (there is a link for Symantec tech support), however not connecting computer to internet based on condition of computer. Error code 5002,2

Please see Hijack log and offer any assistance you can
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 10:16:23 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program ... Read more

A:multiple spyware popup warnings

UGH.... NEVERMIND.... ADMIN you may close this thread.

I was able to get Norton installed, it updated then froze at the end of the update. Restarted the computer and it's like I never touched. Now I am back to having no access to anything, just error messages whenever I try to run any applications. This thing is getting the old FFR

1 more replies
Answer Match 45.36%

DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 19:54:21.37 on Sat 02/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.47 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\... Read more

A:Trojan infections and Spyware ad popup

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

59 more replies
Answer Match 45.36%

Symptoms:
Every few minutes the webpage I am on will change to an advert webpage. Sometimes it will open up in its own popup window
Sometimes there is the word CiD in the top left of the window, sometimes I see the word uTarget in the url.

Actions Taken:
PC has Norton360 installed and updated, it did find some spyware and removed it, problem still exists.
Downloaded AVG which found more spyware and removed it, problem still exists.
Followed all steps in the preparation article from this site, problem still exists.
Log posted so someone clever can tell me wtf is going on.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:12, on 05/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program ... Read more

A:Spyware Popup Issue (cid, Utarget....)

I think I have fixed it

These two lines seemed to be the culprits:

O4 - HKCU\..\Run: [OpenSign] "C:\ProgramData\dead city city.uedwl"
O4 - HKCU\..\Run: [Base road long save] "C:\ProgramData\Dash Bows Default.i5ijk"

Is there anything else I should be doing after HJT deleted the above lines or is that the job done?

3 more replies
Answer Match 45.36%

I must have installed something bad because now I am constantly bombarded with official looking Windows Security Alerts about serious threats to my computer's safety, and fake trojan.w32.looksky warnings then directed to fake anti-spyware websites. I've created a HijackThis log to see if someone might be able to help me figure this out, as I have very little knowledge of where something like this might be hidden in my computer. On a related note, the very next time I tried to access my external hd after all this started to happen, it wasn't recognized, and windows asks to format it. This must be related, but I can't figure out how, and I'm very worried about losing it all.

So here is the logfile, and thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:53 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\m... Read more

A:infuriating popup spyware removal ads

Hello and welcome to TSF.

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

10 more replies
Answer Match 45.36%

Hello I'm trying to make sure that my computer's clean. The thought of spyware, keyloggers and the like make me wary to use the internet.

This is my first time using Hijack. Here's the log. Any advice would be greatly appreciated.
-jW

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:30 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MICR... Read more

More replies
Answer Match 45.36%

(UPDATE: See below reply)

I continually get a pop-up of alleged spyware being detected on my PC at startup, and continual attempts to download rogue spyware programs like spyware isolator.

I have the latest version of Spyware Doctor and it detects the problems which I then fix, but it still continues to reload itself on the next startup though. I have even tried to delete them manually to no avail. Advice would be greatly appreciated.

Here is the name of the files that Spyware Doctor finds:

Adware.Agent.BN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin, at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin, it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:14 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spyware Docto... Read more

A:Spyware Popup Keeps Showing Up At Startup

Ok, I was able to solve my own problem. I used Malwarebytes' Anti-Malware program and it was able to find all of the malware on my PC and permanently remove it. No more popups! Highly recommend this program as it found things that my commercial spyware program, Spyware Doctor, couldn't find.

2 more replies
Answer Match 44.94%

Hi, today I decided to try ZoneAlarm's free firewall. Before I could download it, the website strongly recommended I run their "free" online spyware scanner.
I did so, and this is what it spit out:
Blackbox - Keystroke Logger

GUID - {0863A990-95FD-11D1-B777-00001C1AD1F8}

File Name - C:\Program Files\Tecnomatix\Common\DWSBC36.OCX

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{0863A990-95FD-11D1-B777-00001C1AD1F8}

GUID - {3BD2C94F-049E-11D1-B66A-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{3BD2C94F-049E-11D1-B66A-00001C1AD1F8}

GUID - {5B238A07-94F7-11D1-B776-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{5B238A07-94F7-11D1-B776-00001C1AD1F8}

GUID - {679C8412-93B8-11D1-B773-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{679C8412-93B8-11D1-B773-00001C1AD1F8}

ProgID - Dwsbc36.Subclass.6

GUID - {7F5E3525-F816-11D0-B64C-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{7F5E3525-F816-11D0-B64C-00001C1AD1F8}

Desaware Spyworks - Hacker Tool

GUID - {2C704DBB-9C46-11D1-B784-00001C1AD1F8}

File Name - C:\Program Files\Tecnomatix\Common\DWSHK36.OCX

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBB-9C46-11D1-B784-00001C1AD1F8}

GUID - {2C704DBC-9C46-11D1-B784-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBC-9C46-11D1-B784-00001C1AD1F8}

GUID - {2C704DBD-9C46-11D1-B784-00001C1AD1F8}

RegistryKey - HKEY_CLASSES_ROOT\CLSID\{2C704DBD-9C46-11D1-B784-00001C1AD1F8}

ProgID - dwshk36.WinHook.6

GUID - {389B19B9-... Read more

More replies